EPX Online Payment Processing Recognized as “One of the Best Options Available” by TopTenReviews.com

September 3rd, 2010

EPX has been officially recognized by TopTenReviews.com as one of the best providers of online credit card processing. TopTenReviews.com also provided a non-biased review of EPX and our processing technology.

Tokenization technology has been one of the key features of EPX payment processing for more than 10 years. The fact that other processors are starting to follow our lead is not surprising considering Visa recently published their tokenization best practices. With more consumers turning to non-cash payment forms, merchants will realize the importance of securing their data using the industry-leading methods provided by EPX’s tokenization technology.

The editors at TopTenReviews.com see absolute value in EPX’s tokenization technology.

“Overall, we are very impressed with the service to accept credit cards online with EPX. The innovative use of tokenization provides a level of security we didn’t see elsewhere, and we wouldn’t be surprised to see others follow their example.”

EPX provides significant cost savings to our clients when dealing with interchange fees. Other processors take the easy way out and charge flat fees regardless of what the interchange rate actually turns out to be. What they don’t take in to consideration is that interchange rates are freely available to merchants on the Visa and MasterCard websites, and a little research would show the massive price differences. Processors try to look good by offering Preferred tier rates, but they don’t tell merchants that most of their transactions will not qualify for the Preferred rate.

EPX passes the interchange rate through directly to our clients, with no hidden costs. In essence, all transactions get the rate they deserve, especially because EPX utilizes its interchange optimization technology on every client and every transaction to make sure all the savings are realized.

The editors at TopTenReviews.com also give high marks to our approach to pricing.

“But even better, they don’t use a traditional tiered discount rate system. While other merchant account providers simply dump every transaction into a pre-defined “bucket” or tier with an assigned rate, this company uses interchange optimization technology to match individual transactions to the best rate possible. You can be sure that you’re getting the lowest fee for each transaction, regardless of the specifics or individual exceptions.”

Chargebacks are a reality for any business and are usually a paper-intensive, time-consuming part of your operation. With EPX webSuite, your organization can receive and adjudicate chargebacks online — leading to time and cost savings. TopTenReviews.com addresses EPX’s superior approach to addressing chargebacks.

“While chargebacks are a part of online credit card processing, they don’t have to be a pain. You can eliminate the weeks of paperwork by taking care of chargeback adjudication online. Furthermore, the company will back you up and help you deal with rebuttals rather than leaving you to fend for yourself on chargebacks.”

Not only are chargebacks automatically linked to their respective transactions, but adding notes and attachments, and then accepting or representing the chargeback couldn’t get any easier with EPX webSuite. In some cases, our EPX Relationship Managers and Chargeback Specialists will even do the work for you. All of your chargebacks are centralized in one location and available for reporting on demand, and for those chargebacks that you do accept, they’re separated out on your billing statement so you don’t have to go digging for facts. EPX statements are easy to read and full of information.

Read the full review online at http://accept-credit-cards-online-review.toptenreviews.com/ and http://accept-credit-cards-online-review.toptenreviews.com/epx-review.html.

Tags: , , , , , , , ,
Posted in EPX Commentary | No Comments »

EPX is seeking a Terminal Support Representative

September 1st, 2010

EPX is seeking a terminal support representative for our Wilmington, Delaware office. To apply, submit your resume to hr@epx.com.

Job Summary:

Responsible for Point of Sale terminal integration and helpdesk support.? This includes software downloads, file changes and hardware troubleshooting.? Some travel to client locations may be required.

Essential Job Functions:

Helpdesk /? Technical Support

  • Provide Point of Sale helpdesk support for inbound merchant calls
  • Troubleshoot hardware issues
  • Build terminal download files
  • Initialize terminals
  • Test hardware before releasing to client
  • Add new equipment requests to existing merchant accounts
  • Follow up on any open system tickets related to equipment issues
  • Assist with installation and training of merchant equipment when necessary
  • Maintain new merchant setup and deployment tracking within CRM system
  • Assist Sales and other business areas with technical support for potential merchants and strategic alliances

Technical Documentation Assistance

  • Work with Technical Publications to create, maintain and update any merchant, user or Quick Reference guides
  • Assist in documenting department processes

Qualifying Experience:

  • High school diploma required
  • 5 years customer service experience
  • Extensive terminal knowledge
  • VeriCentre and Term Master Experience Required
  • POS systems experience a plus (Micros, Aloha, Digital Dining, RMS)
  • Knowledge of computers and Windows-based applications
  • Customer service experience, including strong written and verbal communication skills
  • Ability to work well individually and as a team member
  • All other duties as assigned

Note: Job Description is not inclusive, and is subject to change with the growth of the position and the company.

To apply, submit your resume to hr@epx.com

Tags: , , , ,
Posted in EPX News | No Comments »

All roads lead to EPX…

August 17th, 2010

…or so it seems.

Since January 1, 2010, nearly 2,000 different keywords and search phrases leading to www.epx.com have been entered into Google. Some high ranking search phrases are expected, like “EPX” and “tokenization,” but some others are surprising.

For example, “EIRF” is a frequent search term that leads to EPX.com (to this blog especially), but “bandwagon software music” is a strange one. Some other strange Google search terms that led to epx.com include “are electronic payments protected for death? ” and “4 letter word for a bank transaction.”

Take a look at the list below to see some of the most frequently used terms and phrases that direct people to epx.com via Google.

payment processing
merchant account
credit card processing
credit card processing online
eirf
epx credit card processing
epx processing
phoenix payment systems
ach processing
epx credit card
epx.
payment exchange
electronic payment
ep-x
credit card payment processing
epx payments
electronic payment processing
electronic payment exchange (epx)
epx tokenization
visa eirf
pinless debit rules
epx.co
secure payments
buyerwall
epx buyerwall
epx merchant services
epx vpost
the payment exchange
eirf visa
sign on epx
electronic payment exchange epx
.epx.com
epx wilmington
gartner epx
electronic payment process
electronic payments exchange
epx payment
paypage
epx electronic payment exchange
epx merchant
epx payment processing
epx.ocm
online payment processing
pinless debit
wwwepx.com
accept credit cards online
epx bric
epx phoenix
epx.cpm
shift4 epx tokenization
tokenization
vpost.epx.com
epx processor
web payments
www.epx.com.pl
eirf interchange
eirf transaction
epx credit
epx gateway
epx security
list of eft networks
pinless transaction
arizona ach payment processors
ecommerce credit card processing
electronics payment exchange
epx .com
epx ach
epx delaware
epx merchant processing
epx wilmington delaware
news in the payment industry
pay page
payment processor
pinless debit card
pinless debit rates
shift4
vpost
internet credit card payment processing”"
electronic payment exchange delaware
electronic payment exchange inc
electronic payments network affiliated banks
epx credit cards
epx shift4
exchange payment
heartland payment
matt ornce
site:epx.com pci participating organization
www.epx.cm
www.epx.xom
accepting credit cards

Tags: , , , , , , , ,
Posted in EPX Commentary | No Comments »

EPX Welcomes Third-Party Validations of Tokenization and Payment Processing Outsourcing

July 20th, 2010

Editor’s Note: It’s always encouraging to see EPX competitors follow in our footsteps. Just as competitors are following our lead by touting the benefits of tokenization technology, several competitors are even beginning to issue press releases that mirror ours. I guess imitation is the sincerest form of flattery.

Electronic Payment Exchange (EPX), a full-service payment processing organization, announced today that their organization welcomes the recent third-party validations of cardholder data tokenization and payment processing outsourcing. Newly announced global industry best practices for tokenization from Visa Inc. validate EPX’s long-standing deployment of tokenization technology for securing cardholder data. Additionally, a June 2010 security brief from RSA supports EPX’s approach to tokenized payment processing outsourcing by referencing an EPX client case study that shows how tokenization and payment processing outsourcing reduce merchant costs and other burdens associated with securing cardholder data.

The recent release of Visa’s tokenization best practices provides valuable guidance to merchant organizations seeking to utilize tokenization solutions for securing cardholder data. As the first organization in the payments industry to engineer and deploy tokenization technology, EPX welcomes Visa’s focus on and validation of tokenization solutions.

In version 1.0 of the Visa Best Practices for Tokenization document, Visa establishes best practices related to four critical components of tokenization: token generation, token mapping, card data vault, and cryptographic key management. Visa provides further recommendations regarding tokenization system configuration, implementation, and management, and offers guidance on the management of historical data.

EPX, which has offered merchants tokenization technology since 2001, abides by one hundred percent of the best practices established by Visa and views the best practices as reinforcement of EPX’s approach to tokenization. According to EPX Chief Security Officer Matt Ornce, “Visa is now confirming what we have been saying and practicing for years. Merchants that properly implement a sound tokenization solution are able to limit cardholder data storage in their environments. In turn, this simplifies merchant PCI DSS assessments by reducing the scope of their compliance requirements, associated costs, and implementation. This makes merchants of any size more secure and brings them into compliance easier, faster, and with less expense.”

Further validating EPX’s approach to payment data security, a June 2010 security brief released by RSA provides insight into how tokenization can be combined with payment processing outsourcing to relieve merchants of the burden and potential costs associated with securing cardholder payment data. Using an EPX client who annually processes tens of thousands of ecommerce transactions as an example, RSA pointed out that the merchant organization substantially reduced its PCI compliance burden. The security brief also establishes that, over the next several years, many payment processing organizations will introduce outsourced payment services to manage cardholder data risks on behalf of merchants. The brief provides additional insight by stating that the most effective outsourced payment services will use a combination of tokenization and encryption.

EPX has provided payment card security outsourcing for ten years and was the first payment processor to actually market, sell, and implement a solution that uses both tokenization and encryption for securing card data from the card swipe through the entire transaction lifecycle. By processing through EPX, individual merchants have reduced their initial PCI compliance burden by millions of dollars and continue to realize significant annual savings.

EPX welcomes the third-party validation of payment processing outsourcing and the use of tokenization plus encryption technologies. “It is great to see that leaders in the payments and security industries are recognizing EPX’s accomplishments,” EPX Chief Executive Officer Ray Moyer said.

Tags: , , , , , , , , , , , , , , ,
Posted in EPX Commentary, EPX News, Payments Industry News | No Comments »

The Tokenization Bandwagon Is Music to Our Ears

June 23rd, 2010

In May, EPX issued a press release entitled “Electronic Payment Exchange Enters its Tenth Year of Issuing Tokens for Securing Credit Card and ACH Transaction.” The fact that EPX pioneered such a novel and important technology for protecting merchants and cardholders from the risk of data compromise was not unusual.  Our company was founded in 1979 as the first independent processor of electronic checks for merchants. Since then, we’ve been consistently bringing important innovations to market.   But giving merchants and consumers the protections of  credit card data “tokenization” in early 2001 was all-the-more impressive when seen in the context of the Times.

Back then, cardholder data security was not exactly the front-of the-forehead issue that it is today.  There had not been a notable card data breach in the 35 years since revolving credit cards had been used. The first relatively large and publicized incident came just after the Y2K ball dropped in Times Square in January 2000. Online retailer CD Universe exposed 300,000 customer card records.  (Of course nowadays a breach exposing a mere 300,000 records would be considered a lucky break.) Since that first major incident, ever more damaging breaches have occurred like clockwork. Two were of Guinness proportions: retailer TJX in 2007 and processor Heartland Payments in 2009, both of which reportedly exposed more than 90 million card numbers.

When EPX started tokenizing data, Visa had just begun to formulate the first generation of data security standards.  At first, Visa’s compliance targeted only e-commerce payment gateway operators, not merchants. MasterCard did not initially see the need for standards, so offered data security consulting services. The launching of the Payment Card Industry Security Standards Council was still five years away.

So, understandably, EPX’s breakthrough came with no public fan-fare and unknowable future significance. Our engineers simply were looking for a way to make transaction lifecycles and follow-on transactions more efficient, and our merchant customers more secure.  Being engineers, they didn’t call what they created ‘tokens.”  They called the codes card data “GUIDs” and “Replacement Values.” (Surprising, isn’t it, such a sexy name didn’t catch on?)  The generic catch-word for such codes, “tokens” did not come into vogue until 2005 when Las Vegas payment gateway operator and software licensor, Shift4, Inc. coined the term.  (Shift4’s process of code generation within the merchant’s environment, and their data flow is significantly different from EPX’s off-premises approach, but more or less aims at the same purpose.)

As EPX gained practical experience, naturally we kept evolving and perfecting our technology to make it more effective, practical and efficient.  As breaches kept hitting the headlines, we kept hearing loud and clear from merchants, particularly CTOs, that they would be delighted if they never had possession of the vulnerable cardholder data in the first place. And, they truly loathed having to spend so much time and IT budgets system major (non-ROI) system remediations to comply with new PCI Data Security standards.  With this guidance from the market, along came another set of EPX breakthroughs in 2005.  We invented a number of methods for at-risk card data to be securely captured and stored only by EPX and never routed to the merchant. Ever. We filed for a patent for the sophisticated processes that are now at the heart of EPX’s BuyerWall™ security suite.

As the number and scale of data breaches increased over the years and PCI compliance became mandatory and urgent, the IT Establishment naturally first turned to the familiar techniques they had been taught in schools and had been using for decades: encryption, firewalls and other data “hardening” techniques. Several front-end only gateway operators had been offering forms of tokenization.  There also were several companies providing software-as-service (SaaS) outsourced tokenization and still others selling do-it-yourself in situ tokenization hardware and software to merchants.  Yet, tokenization remained mostly marginalized as an emerging technology …and too-good-to-be-true… by Conventional Wisdom.

Then, a funny thing happened along the way to achieving cardholder security Nirvana:  Heartland.  Heartland Payments and others quickly became iconic in proving that Encryption Does Not Necessarily Equal Security.  Since Heartland, hard-pressed CTOs and cash-strapped CFOs have been gradually opening their minds and wallets to alternative security approaches like tokenization.

Yet, oddly, EPX stood alone for all these years as the ONLY full authorization / capture /clearing / settlement processor providing tokenization.   The giant end-to-end processors like Global Payments, TSYS, Elevon, Fifth Third, and First Data Corporation stayed on the sidelines, leaving it to their merchants to solve the card data security problem on their own. Finally, in 2009 Fifth Third Bank (which has its own in-house front and back-end processing) and then First Data (the world’s largest processor) respectively launched their versions tokenization. JPMorgan Chase’s Paymentech merchant acquiring company is not a self-contained end-to-end processor, but in the past few months has been sporadically promoting its Orbital gateway as having tokenization capabilities…although they appear to be using bolted-on functionality provided by a third-party vendor.

Tokenization is not only a solution for credit cards, but also for other forms of payment.  A few weeks ago, ProPay, a well-respected Salt Lake City-based payment ecommerce gateway company, made a nationwide announcement that it can now can encrypt and then tokenize electronic check routing and account holder data that is used in ACH transactions.  Likewise, on May 19th, Sarasota, NY-based ACH Payments, Inc. said it now will tokenize checking account numbers used in its ACH processing.  ProPay’s COO was quoted as saying: “ProPay is leading the industry and applying the same technology for protecting payment card information to the protection of ACH data…”  We at EPX appreciate the executive’s exuberance; however, the “leading the industry” part was a bit over-stated considering that EPX started tokenizing ACH transaction data as well – more than nine years ago.

EPX always knew that what we innovated in 2001 would not suffice as the complete answer to data protection. Tokenization, for sure, is elegant and powerful…and is especially cost-effective for complex enterprises with lots of locations and transactions. It mitigates the vast majority of cardholder data risk – substituting codes for card numbers stored or “in motion.”  In the case e-commerce transactions, the vulnerable data can be directly captured, encrypted and tokenized from the moment a customer or clerk keys in the data.

However, things are a little more complicated for retail POS “swipe” transactions. The card data can be potentially vulnerable for what I call the “first inch” – i.e., the momentary transit between the magnetic stripe to the point the data reaches the POS terminal or the payment module within a POS retail management systems’ software.  Although only briefly exposed, the can be skimmed or otherwise criminally compromised.  Also, such exposed card data at the front end-point of a transaction remains ‘in scope’ and subject to more cumbersome PCI Data Security Standards reporting.

We at EPX knew this was a problem to be eventually solved.  We watched with particular interest last October as First Data Corporation and RSA (the security division of EMC Corp.) announced their solution: instant encryption as the data is captured by a POS terminal, then tokenization of the data once it is captured by First Data’s processing platform. They call their product (still being field tested) “TransArmor.”

We applaud First Data’s adoption of encryption+tokenization and expect the technology to be a game-changer in the industry due to the huge number of merchants FDC supports.  And we welcomed the recent announcement by TransFirst’s Payment Processing International subsidiary (an ISO with a gateway) of offering encryption+tokenization capability.   However, true-to-form, all this big news is déjà vu for EPX.   In July 2009, EPX already had become the first processor in the world to introduce just such a solution –encryption of data all the way from the mag stripe to EPX’s firewall, then tokenization of the data once it entered our processing environment.  EPX’s encryption + tokenization is functionally consistent with what First Data/RSA and PPI later announced.  EPX uses an encrypting swipe device to capture the vulnerable data.  We hold the only decryption key to the swiped data in our secure processing environment (i.e., neither the merchant nor any other party ever has access to the decryption key).  We and our merchants use EPX BRICs (tokens) exclusively as transaction reference codes for all operational reference purchases thereafter.

These days there are an increasing number of companies offering what might be broadly called “tokenization.”  The differences between approaches can be hard to discern.  The most important differentiator, however, is in the fundamental integrity of the token creation protocols.   From the beginning, EPX engineers had the foresight to not take the obvious short-cut of simply creating the token algorithms from credit card numbers and banking account numbers.  EPX codes, instead, are based upon the unique and very specific characteristics of each specific transaction and its place in time, among other characteristics.  In retrospect, as criminal rings have become so much more skilled at reverse-engineering financial account numbers, we now know how much more secure is the EPX approach than others.  If the card number, or checking account number is not in the merchants systems – or the source of the tokens – the data cannot be stolen and deciphered.  In other words, it has no “street value.”

In the 31 years EPX has been in payments business we have made many breakthroughs by simply pursuing what is most effective, what is most efficient and what serves our merchants best.  We never have waited for others to lead the way, nor will we in the future.

Posted by Charles S. Crawford
Executive Vice President
Strategic DevelopmentElectronic Payment Exchange

Tags: , , , , , , , , , , , , , ,
Posted in EPX Commentary | 2 Comments »

Electronic Payment Exchange Enters its Tenth Year of Issuing Tokens for Securing Credit Card and ACH Transaction Data

May 26th, 2010

EPX began Offering Tokenization Solutions in 2001

Electronic Payment Exchange (EPX), a full-service payment processing organization, has entered is tenth year of issuing tokens as a means of securing credit card and ACH transaction data.

In early 2001, EPX engineered and deployed the payment industry’s first tokenization technology, which has protected hundreds of millions of financial transactions and helped merchants eliminate the liabilities associated with storing unprotected payment data. EPX’s proprietary tokenization technology replaces the sensitive payment information with unique IDs, which the payments industry has since come to call “tokens.”

For each transaction processed by EPX, patent-pending EPX BuyerWall™ technology issues a BRIC (BuyerWall Recognized Identification Code) token to the merchant, which is meaningless to would-be thieves. The BRIC allows the merchant to maintain total control of the customer experience and realize all of the capabilities that previously required the storage of cardholder data including refunds, recurring transactions, and historical review.

“As an innovator of tokenization in the payment processing space, we have been helping merchants effectively secure their payment data for nearly a decade,” said EPX Chief Security Officer Matt Ornce. “The industry has recently seen a rash of new entrants to the tokenization space. I applaud their efforts to catch up to our tokenization technology. However, I would caution merchants against using unproven solutions.”

“All tokens are not the same. Some tokenization solutions that have recently come to market don’t provide optimal security, since their tokens can be reverse-engineered to reveal their corresponding card numbers,” explains Ornce. “EPX tokens provide ultimate security because they are not derived from card numbers, and therefore cannot be reverse-engineered into meaningful data.”

Ornce says that another key differentiator between EPX’s tokenization solution and those of competitors is that EPX tokenization technology is “built in, not bolted on” to its payment processing platform. EPX’s payment processing platform was built with tokenization as an inherent component, while other payment processors have modified their legacy systems by adding on tokenization modules.

In addition to using tokenization for protecting credit card data, EPX tokenization technology has also been securing electronic check (ACH) payments since 2001. Contrary to recent claims by competing payment processors who reported that they were the first to offer tokenization of ACH data, EPX stands alone as the first to apply tokenization technology to ACH payments.

EPX has been an innovator and active leader in the payment processing space since 1979, and its nearly 10 years of using tokenization to protect credit card and ACH payments is further evidence of EPX’s commitment to protecting merchants. According to EPX Executive Vice President Charles Crawford, “In the 31 years EPX has been in the payments business, we have made many breakthroughs by simply pursuing what is most effective, what is most efficient, and what serves our merchants best.  We’ve never waited for others to lead the way, nor will we in the future.”

Tags: , , , , , , , ,
Posted in EPX Commentary, EPX News, Payments Industry News | No Comments »

« Older Entries