Electronic Payment Providers
Security
Experienced, Reliable, Secure.

The commitment of Electronic Payment Providers® (EPP) to security is of the highest level. We use the highest level of encryption and the latest security tools to ensure that our merchants feel secure. We would like to highlight some of the key features of our security.

Secure Socket Layers (SSL)
This security protocol sits just below protocols such as HTTP and uses the lower-level TCP/IP to allow SSL-enabled PCs and servers to authenticate to each other. SSL performs a single-session key exchange, using public- and private-key data encryption (usually 128-bit) from RSA Data Security to encipher and decipher SSL transmissions.

SSL 128-bit Data Encryption (ACH)
EPP ACH transactions operate on software that employs SSL with 128-bit encrypted transmissions, meeting the highest standard of the government's current requirements. 128-bit data encryption is a secure coding method in which transactions require a 128-bit encryption key to unlock the block cipher and read the data. The block cipher method applies a cryptographic key to a block of data as a group, rather than breaking the data into smaller sizes. This makes the data virtually impervious to attack.
  • We offer the finest in currently available server-level protection behind a dedicated firewall and, when applicable, a Virtual Private Network (VPN). The security at the server level is customizable according to your needs.
  • Multiple layers of application-level controls against intrusion.
  • The highest levels of file (and messaging!) security protection available anywhere, superior to any secure FTP server.
  • The ACH *SecureFile™ product does not write unencrypted data to disk, whether you or your customers are communicating ACH file data or a confidential, sensitive message.
  • ACH *SecureFile's™ built-in secure data storage system uses the 256-bit AES encryption certified by the US and Canadian governments for its vendors.

SSL 1024-bit Data Encryption (Credit Card)
All of EPP's Credit Card communications and processing occur through Secure Socket Layers (SSL). To ensure a higher level of security, we use 1024-bit SSL encryption with all of our transactions. Any toolkits linked for usage with the EPP gateway are also tested to make sure that security is set up properly. With the proper security layers set up between toolkits and the gateway, we ensure that no information can be stolen and all information is securely transacted.

Identification Through "Keys" (Credit Card)
An older, more conventional way of communicating and identifying with gateways was the use of usernames, IDs and passwords. EPP realizes that this method is very insecure. This is why we use a "Key System" for identification. Merchants' toolkits (e.g. software) communicate with the gateway using an assigned high-bit encrypted string called a Key. When sent into the gateway, the key is processed to identify which merchant it belongs to as well as which toolkit it belongs to. This allows merchants to feel safe that their toolkit source code doesn't contain critical information such as their username, and it allows the merchant to separate their toolkits by assigning an individual key to each toolkit. Merchants can revoke keys at any time if they notice a key is being misused by malicious online users, and different fraud protection layers can be applied to each key within the EPP Fraud Stopper.

Fraud Stopper (Credit Card)
The EPP Fraud Stopper relies on its Module Stack Design. Each module controls a different aspect of security, and the merchant chooses which modules to put on the fraud control stack. Some examples of modules are duplicate transaction control, block by country (and/or state, city, zip, name...), auto detection of misuse of a toolkit by a customer (blocks a person from using an eCommerce toolkit after a certain number of tries with different cards), block by IP and many more. The advantage of this design is that it allows the merchant to constantly add and change their fraud controls, and EPP is always adding new modules to the Fraud Stopper, staying up to date on fraud security issues.

Fraud Stopper also allows the merchant to apply different fraud controls to different keys (sources), so a merchant can have high levels of fraud control on their Shopping Cart but low levels on their console for their own employees.
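
The module stack and per-key controls described above can be sketched as follows. This is an added example, not EPP's code: every function, class and key name is hypothetical, and the card tokens, IP address and country codes are constructed sample data.

```python
from collections import defaultdict

# Hypothetical module factories: each returns check(txn, history) -> reason or None.
def block_by_country(blocked):
    return lambda txn, hist: "country blocked" if txn["country"] in blocked else None

def block_by_ip(blocked):
    return lambda txn, hist: "IP blocked" if txn["ip"] in blocked else None

def duplicate_control(window_s):
    def check(txn, hist):
        dup = any((o["card"], o["amount"]) == (txn["card"], txn["amount"])
                  and txn["ts"] - o["ts"] <= window_s for o in hist)
        return "duplicate transaction" if dup else None
    return check

def card_velocity(max_cards, window_s):
    # Toolkit misuse: one source IP trying many different cards in a short window.
    def check(txn, hist):
        cards = {o["card"] for o in hist
                 if o["ip"] == txn["ip"] and txn["ts"] - o["ts"] <= window_s}
        return "too many different cards" if len(cards | {txn["card"]}) > max_cards else None
    return check

class FraudStack:
    def __init__(self):
        self.stacks = {}                  # key -> ordered list of modules
        self.revoked = set()              # keys the merchant has revoked
        self.history = defaultdict(list)  # key -> every attempt seen on that key

    def evaluate(self, key, txn):
        if key in self.revoked or key not in self.stacks:
            return (False, "unknown or revoked key")
        hist = self.history[key]
        reason = next((r for m in self.stacks[key] if (r := m(txn, hist))), None)
        hist.append(txn)  # record blocked attempts too, so velocity checks see them
        return (reason is None, reason or "accepted")

def demo():
    fs = FraudStack()  # strict stack for the cart key, light stack for the console key
    fs.stacks["KEY-CART"] = [block_by_country({"ZZ"}), block_by_ip({"198.51.100.9"}),
                             duplicate_control(60), card_velocity(2, 600)]
    fs.stacks["KEY-CONSOLE"] = [duplicate_control(60)]
    def t(card, ts, country="US"):  # constructed sample transaction (card is a token)
        return {"card": card, "amount": 10, "ip": "203.0.113.7", "country": country, "ts": ts}
    out = [fs.evaluate(k, t(c, ts, co)) for k, c, ts, co in [
        ("KEY-CART", "tok_A", 0, "US"), ("KEY-CART", "tok_A", 30, "US"),
        ("KEY-CART", "tok_B", 100, "US"), ("KEY-CART", "tok_C", 200, "US"),
        ("KEY-CONSOLE", "tok_C", 210, "ZZ")]]
    fs.revoked.add("KEY-CART")
    return out + [fs.evaluate("KEY-CART", t("tok_D", 9999))]
```

Recording blocked attempts in the per-key history is a design choice of this sketch: it lets the velocity module count rejected tries, which is what the "tries with different cards" control depends on.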

New Way of Storing Credit Cards
EPP realizes that the most common attack against merchants is the stealing of a "list" or "database" of credit cards. With this in mind, EPP has developed a revolutionary new way of storing credit cards to stop such attacks. On the EPP system there is no database or list of cards; therefore, it is impossible for a malicious attacker to obtain such a thing. Credit cards are stored on an individual basis and can only be viewed on an individual basis by unlocking or "de-encrypting" each card one-by-one.

There is no reason for a merchant ever to call up a "list" of card numbers. If a card number is needed, the card is decrypted and unparsed from the system, a process which takes only 1-2 seconds. Only one card can be viewed at a time. This "non-database" design of storing credit cards provides the highest level of security for credit card storage to date.

More Questions?
We want you to be confident in our security standards here at EPP. If there are any questions which we have not answered concerning our security, please feel free to email our technical support group for answers at techsupport@expresspayments.com.


© Copyright 2007 Electronic Payment Providers All Rights Reserved