Wilmington, DE (Vocus) October 9, 2009
Electronic Payment Exchange (EPX), a leading merchant acquirer and payment processor, said today that the recent Visa release of data field encryption best practices provides welcome leadership to merchants, technology professionals, and vendors looking for practical ways to reduce the risk of data breach. EPX is the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle, and believes the Visa best practices validate their approach.
The best practices for data field encryption (also known as end-to-end encryption or point-to-point encryption) announced by Visa on October 5, 2009 work toward developing a standard approach while offering guidance to payment solution providers. Visa establishes five key implementation objectives for payment providers who deploy end-to-end encryption: limiting the availability of cleartext cardholder and authentication data; using robust key management solutions that are consistent with international standards; using key lengths and cryptographic algorithms that are consistent with international standards; protecting cryptographic devices from physical/logical compromises; and using alternate identifiers for business processes that require the account number after authorization.
“The technologies built into EPX BuyerWall goes hand-in-hand with the data field encryption objectives established in the Visa best practices document,” says EPX Chief Security Officer Matt Ornce. “Using encrypted card readers with our EPX BuyerWall solution satisfies the Visa’s objectives and provides strong protection for merchants against potential data breaches.”
According to the Visa data field encryption best practices document, “no single technology can completely solve for fraud.”
Ornce wholeheartedly agrees. “EPX’s solution uses both end-to-end encryption to encrypt card data from the point of sale, and tokenization on the back end of the transaction,” he says. “Encryption at the card reader protects merchants against potential breaches before card numbers even leave the swipe for authorization. EPX BuyerWall tokenization replaces account numbers with values that are meaningless to would-be thieves and cannot be reverse-engineered to reveal the card numbers. Combined, they provide unparalleled fraud protection for a merchant’s customers.”
About Electronic Payment Exchange
Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.
EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.
For more information about EPX, visit http://www.epx.com or contact EPX at 302-246-3110.
Steven M. Kendus, Marketing Director
Electronic Payment Exchange
# # #