EPX now extends data protection to what I call the 'first inch" of a transaction, i.e., from the plastic to the browser/EPX hosted application. They do that by integrating an encrypting card reader with their BuyerWall solution so that it holds the decryption keys out of the merchant's custody and in a secure system. The PAN data is not decrypted until it is needed for submission directly to the authorization networks, and is never at the merchant anywhere in plain text.
EPX Delivers First Tokenized End-To-End Encryption Solution for Unsurpassed Merchant Security
Wilmington, DE August 10, 2009 - Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX's BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants' point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.
Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.
EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. "There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both," says Moyer. "Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence."
David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX's solution. "Protecting consumer's credit card data against today's professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.
FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX's new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX's solution will have on his merchant customers. "We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information," says Schwartz. "Using EPX's processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance."
Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX's announcement. "Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community. In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market."
###
About Electronic Payment Exchange
Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.
EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.
For more information on EPX, visit www.epx.com or contact EPX at 302-246-3110.
Contact:
Steven M. Kendus, Marketing Director
Electronic Payment Exchange
302.246.3091