Electronic Payment Exchange Maintains Payment Processing and Customer Service Volumes during ‘Snowmageddon’

February 26th, 2010

During back-to-back blizzards that dumped nearly four feet of snow in Wilmington, Delaware earlier this month, Electronic Payment Exchange (EPX), a leading merchant acquirer and payment processor, continued to operate without skipping a beat. Faced with the region’s largest snowfall totals in modern history and declared states of emergency throughout Delaware, EPX successfully processed 100% of the transactions submitted by their clients and promptly handled customer service calls.

Christine Bradley, director of operations and client services for EPX, activated the company’s emergency response plan in anticipation of the storms. “Although the State restricted driving to emergency personnel and urged businesses to close, we were unaffected by the order,” said Bradley. “When the forecasts predicted the storms of the century, we put our emergency plan into effect and made all of the necessary preparations for our employees to work remotely via our secure network connections.”

EPX customer service telephone lines were forwarded to employee cell phones, which enabled EPX’s service managers to transparently address any customer issues that arose during the storm. Transaction flow from EPX merchants routed directly through EPX’s Phoenix, Arizona data center, so EPX merchants and the merchants’ customers were unaffected by the storms.

“Considering how the storms crippled the region,” Bradley says, “it’s great to see that modern technology and our emergency planning allowed us to efficiently serve our customers.”

EPX is a pioneer in the payments industry

January 20th, 2010

Founded in 1979, Electronic Payment Exchange (EPX) is a pioneer in the payments industry. EPX commercialized many of the innovations that became industry standards.

EPX was the first payment processing organization to:

  • process credit card transactions using the Internet
  • develop a surety product that transferred merchant processing risk to the reinsurance market
  • implement CID, the fraud detection innovation
  • deploy an online merchant reporting system
  • provide online chargeback adjudication
  • provide a unique identifier back with each transaction as a reference for subsequent transactions
  • provide a hosted POS solution accepting swipe and PIN debit
  • deliver end-to-end card swipe encryption for its POS solutions

EPX is truly unique in the payments industry – it provides a straight-through, fully integrated payment processing platform, whereas its competitors offer a patchwork of limited-service providers that merchants must manage and integrate separately. EPX provides traditional, as well as Internet-related products and services, to businesses, public utilities, merchants, retailers, e-tailers, merchant acquiring banks, Independent Sales Organizations (ISOs), and third-party processors in the United States, Canada, Europe, the Middle East, Latin America and the Caribbean.

Realizing the increased focus on PCI compliance, EPX is revolutionizing the payments industry through the development of fully integrated payment solutions that enable merchants to efficiently, securely, and cost-effectively process credit card, debit card, stored value, and ACH payments. By incorporating our patent-pending BuyerWall™ technology into our solutions, we lead the way in helping merchants achieve PCI compliance.

EPX solutions include:

  • EPX Secure Payment Processing – Decreases risk exposure, enhances data security, lowers costs, provides custom reporting, strengthens process reliability, and reduces potential points of failure.
  • EPX WebSuite – Web-based reporting, data analysis, exception transactions, chargebacks.
  • EPX Virtual Terminal – Provides the basic functionality of a point-of-sale terminal and offers modes for processing point-of-sale, mail order / telephone order, and ecommerce transactions.
  • EPX vPost – EPX vPost is a standalone product that emulates all the functionality of a high-volume point-of-sale terminal through a web browser, and is flexible enough to be used for point-of-sale swipe, PIN debit, mail order / telephone order, and ecommerce transactions.
  • EPX PayPage – Enables ecommerce merchants to outsource online payment acceptance and PCI compliance requirements by replacing their web sites’ payment pages with customized pages from EPX.

EPX Protects Payment Data During the Transaction Lifecycle, But Consumers Must Safeguard their Credit Cards and Debit Cards at All Times

January 12th, 2010

Electronic Payment Exchange’s industry-leading tokenization and encryption technologies protect payment data throughout the transaction lifecycle. Independent of EPX, however, identity theft occurs constantly as a result of insecure consumer practices before any card data enters the transaction lifecycle. Therefore, it is important for credit and debit card users to practice high levels of safety when performing transactions.

Below is a list of important safety tips for credit and debit card users to follow:

  • If you have applied for a new/replacement card, and have not received it within 14 business days, immediately contact your financial institution.
  • Activate your new/replacement card once you receive it in the mail. Be sure to remove the sticker from the card once activated.
  • Sign the back of the credit/debit card as soon as you receive it.
  • Memorize your Personal Identification Number (PIN). Never write the PIN on the back of the debit card, or on a piece of paper and keep it in your wallet.
  • Never share your PIN with anyone. No one from a financial institution, police, or any merchants should ask for your PIN.
  • Never lend your credit/debit card to anyone. No one else should have access to it.
  • Protect your credit/debit card as if it were cash! Never let your card out of your sight.
  • Do not leave your credit/debit card in your vehicle.
  • Report lost or stolen credit/debit cards immediately! During business hours, contact your local bank branch. Once you have received your new card, notify all merchants with whom you have set up automatic billing payments of the new card number.
  • Be aware of others nearby when entering your PIN. Shield the screen or keyboard of the POS terminal or ATM machine to prevent those nearby from viewing your PIN entry or transaction amount.
  • Do not volunteer any personal information when using your credit/debit card.
  • Do not give your social security number, credit/debit card number, or any bank account information over the phone unless you have initiated the call, and you know that the business you are dealing with is reputable.
  • Before leaving the cashier, make sure you receive your credit/debit card back after every purchase.
  • Be careful with any receipts; do not leave them behind.
  • Always check your sales receipt for the correct purchase amount prior to signing. Keep copies of your sales and ATM receipts for future reference.
  • Verify the purchase amount on each receipt with the transaction amounts on the bank statements.
  • If you do not receive your monthly statement within a timely manner, contact your financial institution.
  • Contact your local financial institution for any changes made to your address or phone number. Keep your contact information current at all times so that your bank can contact you when necessary.
  • Shred all credit/debit card receipts or confidential information prior to placing it in the trash.
  • If you receive credit card applications in the mail, shred them before placing them in the trash. This prevents anyone from filling out the application in your name and receiving the card. If you choose to fill out an application, make sure the application is from a reputable financial institution.
  • Shred all expired credit/debit cards before placing them in the trash. Some paper shredders are capable of shredding the cards, or use a pair of scissors to cut the cards up into small pieces.
  • Keep track of every credit/debit card owned. Keep a confidential list of issuer telephone numbers in a secure location.
  • Avoid carrying extra credit/debit cards in your wallet or purse. Carry only the cards that you use frequently.
  • Never send payment information via email. Go directly to the web site and log into your account.
  • When making a purchase online, make sure you are using a secured browser. All reputable merchant web sites use an encryption technology that protects your personal data from being compromised by others while conducting online transactions.
  • Never provide your credit/debit card as proof of age. A credit/debit card does not contain information that verifies the card holder’s age. Some merchants may request the card number; show them your driver’s license instead.
  • Avoid using your PIN when using your debit card to make a purchase. It is best to just run the debit card like a credit card.
  • Be aware of emails that request personal data such as PINs, Social Security Number (SSN), personal passwords, mailing address, or phone numbers, as well as emails that send you to a web site that requests such information. The best thing to do is to delete the email.
  • Be aware of solicitors posing as representatives from a credit card company or financial institution who call to tell you that there has been fraudulent activity on your account and request your account number, PIN, social security number or the three-digit code located on the back of your card. If a financial institution contacts you due to suspicious activity, they would never ask for personal information to verify your transaction. The best thing to do is hang up and contact your bank to verify the status of your account.
  • When using an ATM machine, observe the surrounding area. If the machine is obstructed from view, or poorly lit, locate another ATM machine to perform your transaction. Report the condition to the financial institution responsible for that ATM machine.
  • Prior to using an ATM machine, be sure to inspect the card reader area for evidence of tampering. If there is evidence of tampering, contact the owner of the ATM to report the problem.
  • When using a drive-through ATM machine, make sure that all passenger windows are closed, and the doors are locked. This will prevent anyone from accessing your card while performing a transaction.
  • If using an indoor ATM machine that requires you to use a card to gain access, do not allow any unknown individuals in with you.

If credit and debit card users would perform at least half of these suggested security tips, the number of identity thefts and fraudulent transactions happening each day would be reduced.


More Merchants Taking Advantage of “Pin-Less” Debit Transactions to Lower Transaction Costs

December 30th, 2009

Increasing numbers of merchants now are allowed to process bank-issued debit cards online or over the phone without PIN validation. Those merchants qualified to accept PIN-less debit payment can take advantage of all-in costs, which can be far below the expense of a credit card or a debit card transaction processed through the credit card networks.

Electronic Payment Exchange (EPX) is one of a very few payment processors technically set up and certified to submit “PIN-less” debit transactions directly to the three electronic funds transaction (EFT) networks that currently waive PIN validation for certain card-not-present transactions: STAR, Pulse and NYCE.

In a PIN-less debit transaction, a customer supplies his/her bank ATM card information to make a web or phone payment to an eligible merchant. The debit card is linked to the customer’s bank account, but normally includes a Visa or MasterCard logo. Before the transaction, the cardholder is given the choice of using the card as a “signature debit” transaction, or a PIN-less debit payment. If it is a signature debit transaction, the transaction is processed through the Visa and MasterCard networks without PIN entry, just like an online credit card transaction except that the funds are deducted directly from the cardholder’s depository account, not billed to the customer by the bank. If the customer chooses to make a PIN-less debit transaction, the transaction is routed by EPX directly to the EFT network with which the card issuing bank has a processing agreement. As with any ATM or debit transaction, PIN-less card transactions result in funds deducted in near real-time from the cardholder’s posted bank account balance.

Since there is greater inherent risk of loss from a transaction without PIN validation, the EFT networks limit the privilege of PIN-less debit transaction processing to a range of merchants within authorized industry sub-sectors. The transactions from permitted sectors are assumed to be safer because these businesses commonly take payments from known customers for routine billings.

The list of permitted industry sectors varies by EFT network. At a minimum, the list includes:

  • Utilities (electric power, natural gas, telephone, cable, cellular, satellite, etc.)
  • Government agency payments (taxes, fees, fines and penalties, etc.)
  • Education providers (tuition payments)
  • Insurance providers (property, casualty, health and life)
  • Closed-end loan payments (mortgage and motor vehicle)
  • Rent/lease payments

STAR and NYCE allow a somewhat broader range of merchant types to submit PIN-less debit transactions than does the Pulse network. The list of allowed merchant types is expanding steadily as the EFT networks gain experience from PIN-less transactions.

Each EFT network has a distinct schedule of fees and policies for PIN-less debit transactions. The fee calculations are a bit complicated because they can vary by the specific SIC code, whether the merchant is in an “emerging” market, and because of the differences in pricing strategies among the networks. The greatest comparative advantage over credit card rates comes when a customer chooses to make payment with a STAR- or NYCE-affiliated debit card and the billing amount is higher than $100.00 (as often is the case for utilities, insurance companies, property managers and other favored business segments).

For comparison, consider a $200.00 online or phone credit card or “signature debit” transaction versus a PIN-less debit payment. Processed as a credit card, the merchant’s rate for a non-face-to-face transaction might typically be 2.10% or more of the face amount, plus $0.20 per transaction. The total cost to the merchant would therefore be $4.40. If the PIN-less debit were accepted by the STAR network, the highest fees would be 14.5 cents for the transaction plus 0.65% on the dollar amount – but the total is capped at $1.00 in percentage fees. Therefore, the total cost of that PIN-less debit transaction would be $1.45 – a savings of about two-thirds over a credit card or signature debit transaction in this scenario.

The savings realized from PIN-less debit are quite case-specific to the network, merchant type and transaction size. For instance, if the transaction were run on the NYCE network, the cost would be fairly comparable to STAR for that size of transaction. However, if the card happened to be Pulse-affiliated, the overall fees would compare more closely to the cost of credit card or signature debit processing. In 2009, Pulse (owned by Discover) removed its ceiling on the percentage rate charged for PIN-less debit transactions, and the percentage fee is about a third greater than STAR or NYCE.

The network to which each transaction is routed is determined by the bank that issued the debit card. Each debit card issuer has a processing agreement in place with one or another EFT network. Most issuing banks are affiliated with one of the big three independent networks (STAR, Pulse or NYCE). If the card tendered is not one of their own, these EFT networks route transactions to the correct network.

PIN-less debit transactions differ from credit card, signature debit, or ACH transactions in several other ways, including:

  • EFT rules require that the customer with a branded debit card be given the choice of processing their debit card as a PIN-less transaction or a “signature debit.”
  • PIN-less transactions post against the customer’s depository account in near-real-time through the EFT networks, whereas an ACH payment may take 2 or more days to post.
  • Authorization codes are not always received for PIN-less transactions, but such codes – unlike with credit card transactions – are not required for funding of the PIN-less debit transactions.
  • Account solvency is immediately determinable. However, merchants assume the risk of non-sufficient funds (“NSF”), stop payment, or fraudulent transactions — just as would be the case if they processed a check or ACH transaction.
  • It is unnecessary to request a capture of the transaction since the transaction is authorized by, and the funds moved by, the EFT networks
  • For a credit card transaction, you can typically process an authorization reversal. This is not the case with a PIN-less debit transaction
  • There is no credit feature for PIN-less debit. Refunds are possible only by issuing the customer cash, check, store credit or other forms of reimbursement
  • PIN-less cards do not accrue rewards benefits as often

Some PIN-less debit can provide significant cost savings and other advantages for authorized merchants, if those merchants have the sophistication and discipline to proactively encourage consumers to pay with EFT debit cards that offer the greatest marginal transaction savings.

Merchants can learn more about PIN-less debit transactions from EPX by contacting sales@epx.com or an EPX account manager.

– Charles Crawford, EPX EVP for Strategic Development

BJs, Heartland Got Off the Hook Legally, but Lost in the Court of Public Opinion

December 22nd, 2009

By: Chuck Crawford

On December 11, the Massachusetts Supreme Court dismissed a class action suit by dozens of credit unions against BJ’s Wholesale Club.  BJ’s, based in Framingham, MA, has more than 8 million consumer shopping club members.  The plaintiffs were claiming substantial damages after more than 8 million of its credit cardholder records were compromised in 2004. They maintained that BJ’s was negligent in not adequately safeguarding customer credit card data.

Two weeks before the BJ’s decision, a New Jersey district court judge summarily dismissed a class action suit by shareholders and others against Heartland Payment Systems, Inc. Heartland is a NYSE-listed provider of merchant credit card processing that had as many as 130 million credit card records compromised in late 2008 – making the incident the largest credit card data breach in history. The complaint claimed that Heartland had publicly misrepresented the level of its data security diligence leading up to the incident and should have done more to prevent the exposure of data.

The dismissals appear to be based largely upon narrow legal arguments, such as whether the plaintiffs had proper standing to bring such an action, and whether tangible damages could be proven.  In both decisions the courts concluded that, despite their loss of data, the companies had not publicly misrepresented their level of diligence in protecting cardholder data entrusted to them.

While the courts’ actions were decisive legal victories, and set precedents in the tort community foretelling that such class actions claiming extraordinary damages from breaches might not be so easy to prove in the future, the litigations were otherwise somewhat anticlimactic and beside the point.

In the higher court of public opinion, BJ’s and Heartland, TJX, Hannaford Brothers Supermarkets and the dozen other major credit card breach targets of the past decade already had been sentenced to a lost measure of hard-earned brand reputation from the moment their breaches were disclosed.  The degree to which the public trust dissipates when there is a breach varies depending upon the size of the breach, the nature of the business and the deftness of each company’s response to the crisis. Are these companies cast as victims of a crime, or – by lax security misfeasance – unwitting accomplices?

A company’s reputation has a value far beyond quantitative dollar damages. That is why, especially, merchants that trade on trust – such as insurance companies, banks, lenders and other payment services – are often looking beyond the arguable validation of safety that comes with Payment Card Industry Data Security Standards compliance. Instead, they are more concerned about finding a virtually fool-proof way to prevent a data compromise whether or not it is beyond the PCI guidelines.

As long as cardholder data remains in the merchant’s system in any form, encrypted or not, there is some chance of accidental or malicious data compromise, especially when the data, or the decryption codes to the data, are “in motion” traveling between servers, databases and parties.

On the other hand, tokenization, like EPX’s patent-pending BuyerWall™ suite of card data replacement code technologies, offers merchants as close to absolute reputation protection as is possible today. With BuyerWall, at-risk card numbers never reside in a merchant’s IT systems in the first place; there is nothing of value to be lost or stolen. At-risk cardholder data is substituted with BuyerWall “BRIC” transaction reference codes (sometimes referred to as “tokens”). BRICs are safer than encryptions because i) they are not derived from credit card numbers and ii) the original data is not kept in the merchant’s environment. The sensitive card data is vaulted safely in EPX’s ultra-secure environment – subject to the most rigorous PCI external auditing and other requirements.

As it happens, elimination of card data through tokenization also greatly simplifies PCI compliance and remediation by taking most of a merchant’s card data topography effectively ‘out of scope.’ But, for the many merchants focused on brand risk more than arbitrary rules or security costs, it is the near certainty of data security that can come with the absence of card data that gives C-level executives and directors one less surprise to worry about at night.

In Search Of A Quick Fix For Cardholder Data Security, Merchants Need Not Look So Far

December 18th, 2009

By: Charles Crawford

In a by-lined piece published in cio.com, well-respected security expert and author Ben Rothke wrote “…people don’t want to invest in long-term security plans. They want their security band-aid now, despite the fact they have never built security into their designs or processes.”  He went on to praise the PCI Security Council’s vision: “The genius of the PCI DSS (and when PCI is compared to regulations such as SoX and GLBA, genius is indeed an appropriate term) is that it has sensible concepts such as an open formal feedback process, trend analysis, impact evaluation, guidance and much more built into the very fabric of the standard.”

I find myself usually agreeing with Rothke’s well-reasoned perspectives.  Indeed, it is especially easy to agree that businesses should have a culture that promotes holistic security, must not consider compliance an end unto itself, and that the processes of security must evolve ahead of the threats.

Where I take issue with Rothke’s article, “PCI Debate Ignores Planned Improvement Cycle,” is in the apparent limitation of his perspective to traditional security remediation solutions.  If the path to sufficient cardholder data security certainty can be achieved only through ratcheted, ever-more-effective and pervasive layers of encryption, firewalling, intrusion prevention and other hardening, then I suppose Rothke’s point is well taken, albeit worrisome. What follows logically is that merchants should “man up” and embrace a future of never ending “improvement cycles” that require lots of money, effort, time and discipline (notably external discipline) in their quixotic journey toward “breach-proof” data.

What is taken too lightly is the role innovation already is playing. Less costly and pragmatic ways of avoiding data compromise are fast gaining acceptance as viable alternatives among recession-weary merchants.

The PCI Council got it right when they set as milestone #1 of their Prioritized Approach to Pursue Standard Compliance “Remove sensitive authentication data and limit data retention.” EPX, for one, provides merchants a pre-emptive solution with exactly that purpose: total elimination of cardholder data from merchant systems so that it can’t be lost or stolen.

Conventional thinking is for merchants to use a matrix of remedial techniques, gambling that the data they hold will be so perfectly sequestered and disguised that it might not get compromised – at least, if everything works as planned and criminals don’t get any more clever.

EPX, on the other hand, concluded that the surest way to avoid data loss is for the merchant never to have the data in the first place. Instead of keeping card data, EPX merchants operate normally using GUID transaction reference codes called BRICs. BRICs are used as card numbers would otherwise be, for transaction receipts, customer service returns, refunds, chargeback responses, follow-on purchases and all other operational and financial purposes. BRICs are not encryptions and are not derived from credit card numbers, and therefore have no street value if lost or stolen from the merchant.
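The flow described above, as an added illustration that is not part of the original post and is not EPX's code: a processor-side vault issues a random GUID reference per transaction, the merchant record keeps only that reference, and a Luhn-based scan checks that no card number remains in merchant data. The class and function names, the `bric` field and the sample records are hypothetical; the card number is the widely published Visa test number.

```python
import re
import uuid

# Contiguous digit runs of card-number length (13 to 19 digits).
PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Processor side (hypothetical): the only place card numbers are held."""

    def __init__(self):
        self._by_token = {}

    def authorize(self, pan, amount_cents):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random GUID: not an encryption or hash of the card number, so it
        # cannot be reversed or brute-forced back to it.
        token = str(uuid.uuid4())
        self._by_token[token] = {"pan": pan, "amount": amount_cents, "refunded": 0}
        return token

    def refund(self, token, amount_cents):
        """Refund against the original transaction by reference; returns what is left."""
        txn = self._by_token.get(token)
        if txn is None:
            raise KeyError("unknown transaction reference")
        if amount_cents <= 0 or txn["refunded"] + amount_cents > txn["amount"]:
            raise ValueError("refund exceeds original amount")
        txn["refunded"] += amount_cents
        return txn["amount"] - txn["refunded"]


def merchant_record(order_id, token, last4, amount_cents):
    """Merchant side: what is stored for receipts, returns and follow-on purchases."""
    return {"order_id": order_id, "bric": token, "last4": last4,
            "amount_cents": amount_cents}


def find_pan_like(records):
    """Return (order_id, field) for every string field holding a Luhn-valid digit run."""
    hits = []
    for rec in records:
        for field, value in rec.items():
            if isinstance(value, str) and any(
                luhn_ok(m.group()) for m in PAN_RUN.finditer(value)
            ):
                hits.append((rec.get("order_id"), field))
    return hits


def demo():
    vault = TokenVault()
    pan = "4111111111111111"                # constructed input: public test number
    token = vault.authorize(pan, 20000)
    tokenized = merchant_record("ORD-1001", token, pan[-4:], 20000)
    # Constructed "before" record: a merchant that kept the card number itself.
    legacy = {"order_id": "ORD-0999", "card_number": pan, "amount_cents": 20000}
    remaining = vault.refund(token, 5000)   # refund works from the reference alone
    return token, find_pan_like([tokenized]), find_pan_like([legacy]), remaining


if __name__ == "__main__":
    token, clean, flagged, remaining = demo()
    print("reference:", token)
    print("tokenized store hits:", clean)
    print("legacy store hits:", flagged)
    print("remaining after refund (cents):", remaining)
```

The hyphenated GUID form never contains more than 12 consecutive digits, so the scan cannot mistake a reference code for a card number.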

For EPX, tokenization comes as no band-wagon initiative like we now are seeing from Paymentech, First Data and others. In fact, EPX started routinely processing with “replacement values codes” in 2001 …three years before the first PCI Standards were published.  Our processes evolved over the years into the comprehensive, patent-pending suite of cardholder data security technologies we now call BuyerWall™.

As the Council and many others have said, there is no “silver bullet,” no single solution – even tokenization. We make no claim that EPX BRICs are such. Yet, properly constructed and managed tokenization also is no “band-aid” that Rothke so wisely mocks. When the card numbers are gone, they’re gone. There’s not much left for the merchant to safeguard. And, once implemented, EPX requires no extraordinary “improvement cycles” or investments to maintain the security of the data. In fact, security of the data becomes a responsibility for which EPX is well prepared, since, as a processor, we have always had to take special care with data and are subject to the PCI SSC’s most rigorous compliance requirements (Level 1).

Is it so that “people want their … security … now”? No doubt about it. But, I say “why not?” Merchants deserve pragmatic solutions that can achieve even a higher standard of security without costly and cumbersome techniques that may or may not ultimately prove effective enough.

Rothke says there is genius in the PCI’s process of ever-evolving standards. I think the real genius of the Council is its professed technologic agnosticism which, generally, is supposed to allow merchants to achieve card data security with whatever technology and processes work best for them. In that spirit, merchants have more to choose from than Rothke seemed to acknowledge.

—————————–

Charles Crawford is EVP of Strategic Development for EPX


[1] http://www.cio.com/article/495093/PCI_Debate_Ignores_Planned_Improvement_Cycle?taxonomyId=3000; June 2009

Payment Processing Outsourcing Is Gaining Acceptance Among Merchants

December 14th, 2009

In a recent Practical eCommerce article by Kevin Patrick Allen titled “PCI Exec Suggests Payment Outsourcing for Smaller Merchants,” Allen interviewed Troy Leach, chief technology officer of the PCI Security Standards Council.

In the interview, Leach discusses an industry trend in which smaller merchants are outsourcing their payment processing and PCI compliance validation to third-party organizations who have technical know-how, payment processing knowledge, and PCI compliance expertise.

[Smaller merchants are] “recognizing they don’t have a dedicated IT shop in house,” said Leach. “They don’t have dedicated security staff that can support ongoing security. What they need to do is to outsource to a service provider that has that security skill set that has that fundamental understanding of just how a payment process works.”

We at Electronic Payment Exchange (EPX) believe that Leach is right on track with his assessment. The Payment Card Industry (PCI) – an association of card issuers including Visa, MasterCard, American Express and Discover – requires all merchants that process, transmit, or store cardholder data to meet a set of Data Security Standards (DSS). Normally, achieving these standards requires an enormous investment of both time and money from merchants.

Rather than asking merchants to deal with the technical burdens and expenses of meeting the standards and building and maintaining their own credit card processing and ACH processing solutions, EPX provides hosted solutions that facilitate payment processing and help merchants reach PCI compliance.

In fact, EPX has been encouraging merchants for years to outsource their payment processing and PCI compliance needs to EPX. Realizing the increased focus on PCI compliance, EPX is revolutionizing the payments industry through the development of fully integrated payment solutions that enable merchants to efficiently, securely, and cost-effectively process credit card, debit card, stored value, and ACH payments. By incorporating our patent-pending BuyerWall™ technology into our solutions, we lead the way in helping merchants achieve PCI compliance.

To read the full Practical eCommerce article, see http://www.practicalecommerce.com/articles/1439-PCI-Exec-Suggests-Payment-Outsourcing-for-Smaller-Merchants.

Will Accepting Credit Cards Increase Sales?

December 7th, 2009

Accepting credit cards as a means of payment can definitely increase sales, but you need to select a credit card processor that will help your organization achieve PCI compliance, point you in the right direction, provide needed assistance, and charge competitive rates.

An article, recently published on ArticlesFactory.com (“Overview of Credit Card Payment Processing System” by Surajk Kumar), suggests that a considerable increase of profits can be gained with the right credit card processor to accept major credit and debit cards for payments. The article discusses streamlining the flow of payments and the ability to accept payments anywhere in the world.

When searching for a credit card processor and related tools, consider the following:

  • How long has the payment processor been in business?
  • What types of credit cards do they process?
  • Can their system accept and convert multi-currency types?
  • What are the credit card processing fees and debit card processing fees?
  • Does the processor offer solutions that help your organization achieve PCI compliance?
  • Does the payment processor also accept ACH payments?

As the credit/debit card industry continues to grow, more new and powerful credit card program options become available. EPX continues to design new ways for businesses, large or small, to accept major credit/debit cards, which will increase profits for your business.

EPX has developed a solution called EPX vPost which emulates the basic functionality of a point-of-sale terminal. EPX vPost is a robust, browser-based terminal, hosted by EPX, that handles keyed and swiped transaction authorizations. EPX vPost is designed to handle transactions from high-volume merchants, which includes:

  • Point of Sale swipe
  • PIN debit
  • Mail order / telephone order
  • Ecommerce

EPX vPost offers real-time credit/debit card authorizations, including AVS and CVV checks. The program enables merchants to customize the look and feel of their individual implementations. In addition to supporting manually entered or swiped credit/debit cards for sales transactions, EPX has designed the program to support check readers and receipt printers, giving merchants additional options.

In addition, EPX vPost, as well as all of EPX’s BuyerWall-based solutions, helps merchants achieve PCI compliance.

Data Breach – Will it ever stop?

November 30th, 2009

Data Breach – Will it ever stop? Probably not, but we are making strides in the right direction.

A recent article published on Forbes.com (“The Year Of The Mega Data Breach” by Andy Greenberg) points out that although the number of data breaches dropped by 50% in 2009, the actual number of records breached has increased by 185 million. While most of the records were lost as a result of a large credit card processing firm’s breach, nearly 80 million more records were breached as a result of an unprotected hard drive being sent by a company to a third-party organization for repair.

While evidence shows that there is an increase in the use of tokenization, encryption, and other data loss prevention technology by organizations that process sensitive data, secure technology is not in use in high numbers. Human actions cannot be controlled in the same manner as technology, so when people choose to bypass technology, corruption and data breach are within reach.

With the constant threat of data breach, Electronic Payment Exchange is always researching and developing new ways to protect personal data from being accessed by unauthorized individuals. EPX is the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX’s BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants’ point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Government Accountability Office Issues Report on Interchange Fees

November 23rd, 2009

A long-awaited report from the Government Accountability Office (GAO) was finally issued in late November, but it didn’t seem to offer any indication of relief. While the report did acknowledge that the increase in interchange fees has driven up costs for all consumers, merchants are forced to pass the rising costs of card acceptance on.

The report does recognize that while some interchange rates have gone down in the past 18 years, the majority is split between staying the same and rising, with interchange on rewards cards jumping by 24% since the premium programs were introduced in 2005.

The GAO Report concludes with four options designed to lower merchants’ costs for card acceptance, but with the caution that “impacts on cardholders could be mixed and each option has implementation challenges”:

  1. Limiting or capping interchange fees – Regulatory action to cap interchange may help merchants limit or reduce their costs, but the report warns those costs may shift to consumers, and possibly lower consumer spending. “A challenge for implementation would be setting and maintaining interchange fees at a level that effectively balanced the costs among networks, issuers, merchants, and consumers, which economists and others agree would be very difficult to do.”
  2. Requiring the disclosure of interchange fees to consumers – The intent of this option is to affect consumer spending habits, but this may be fundamentally difficult to implement as interchange is not determined until settlement. Beyond the confusion it would undoubtedly create for those consumers who did look at the information, most of the report’s participants agreed that most consumers would disregard the information.
  3. Loosening restrictions on merchants for card acceptance – Currently, the card networks prohibit steering the customer towards less expensive forms of payment by prohibiting minimums or surcharges. This option could result in backlash for consumers with expensive cards being unable to use the cards and facing higher direct costs.
  4. Allowing merchants and issuers to directly negotiate interchange fees – This would require the rare granting of an anti-trust waiver to allow merchants and issuers to negotiate rates. As with the first and third options, this may create a negative backlash for consumers.