It is great to see that leaders in the payments and security industries are recognizing EPX’s accomplishments
Wilmington, DE (Vocus) July 15, 2010
Electronic Payment Exchange (EPX), a full-service payment processing organization, announced today that their organization welcomes the recent third-party validations of cardholder data tokenization and payment processing outsourcing. Newly announced global industry best practices for tokenization from Visa Inc. validate EPX’s long-standing deployment of tokenization technology for securing cardholder data. Additionally, a June 2010 security brief from RSA supports EPX’s approach to tokenized payment processing outsourcing by referencing an EPX client case study that shows how tokenization and payment processing outsourcing reduce merchant costs and other burdens associated with securing cardholder data.
The recent release of Visa’s tokenization best practices provides valuable guidance to merchant organizations seeking to utilize tokenization solutions for securing cardholder data. As the first organization in the payments industry to engineer and deploy tokenization technology, EPX welcomes Visa’s focus on and validation of tokenization solutions.
In version 1.0 of the Visa Best Practices for Tokenization document, Visa establishes best practices related to four critical components of tokenization: token generation, token mapping, card data vault, and cryptographic key management. Visa provides further recommendations regarding tokenization system configuration, implementation, and management, and offers guidance on the management of historical data.
EPX, which has offered merchants tokenization technology since 2001, abides by one hundred percent of the best practices established by Visa and views the best practices as reinforcement of EPX’s approach to tokenization. According to EPX Chief Security Officer Matt Ornce, “Visa is now confirming what we have been saying and practicing for years. Merchants that properly implement a sound tokenization solution are able to limit cardholder data storage in their environments. In turn, this simplifies merchant PCI DSS assessments by reducing the scope of their compliance requirements, associated costs, and implementation. This makes merchants of any size more secure and brings them into compliance easier, faster, and with less expense.”
Further validating EPX’s approach to payment data security, a June 2010 security brief released by RSA provides insight into how tokenization can be combined with payment processing outsourcing to relieve merchants of the burden and potential costs associated with securing cardholder payment data. Using an EPX client who annually processes tens of thousands of ecommerce transactions as an example, RSA pointed out that the merchant organization substantially reduced its PCI compliance burden. The security brief also establishes that, over the next several years, many payment processing organizations will introduce outsourced payment services to manage cardholder data risks on behalf of merchants. The brief provides additional insight by stating that the most effective outsourced payment services will use a combination of tokenization and encryption.
EPX has provided payment card security outsourcing for ten years and was the first payment processor to actually market, sell, and implement a solution that uses both tokenization and encryption for securing card data from the card swipe through the entire transaction lifecycle. By processing through EPX, individual merchants have reduced their initial PCI compliance burden by millions of dollars and continue to realize significant annual savings.
EPX welcomes the third-party validation of payment processing outsourcing and the use of tokenization plus encryption technologies. “It is great to see that leaders in the payments and security industries are recognizing EPX’s accomplishments,” EPX Chief Executive Officer Ray Moyer said.
About Electronic Payment Exchange:
Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.
EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.
For more information about EPX, visit http://www.epx.com or contact EPX at 302.288.0600.