End-to-End Tokenized Encryption

EPX now extends data protection to what I call the "first inch" of a transaction, i.e., from the plastic to the browser/EPX hosted application. They do that by integrating an encrypting card reader with their BuyerWall solution, so that the decryption keys are held outside the merchant's custody, in a secure system. The PAN data is not decrypted until it is needed for submission directly to the authorization networks, and it never exists in plain text anywhere at the merchant.


EPX Delivers First Tokenized End-To-End Encryption Solution for Unsurpassed Merchant Security

Wilmington, DE August 10, 2009 - Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX's BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants' point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.

EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. "There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both," says Moyer. "Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence."

David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX's solution. "Protecting consumers' credit card data against today's professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.

FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX's new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX's solution will have on his merchant customers. "We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information," says Schwartz. "Using EPX's processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance."

Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX's announcement. "Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community. In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market."

###

About Electronic Payment Exchange

Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.

EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.

For more information on EPX, visit www.epx.com or contact EPX at 302-246-3110.

Contact:

Steven M. Kendus, Marketing Director

Electronic Payment Exchange

302.246.3091

[email protected]
