GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Expanding options through microfinance

Patti Murphy
The Takoma Group


Industry Update

Indictment for gambling processor

EPX, joining end-to-end and tokenization

Be the miracle

A silver anniversary for Fiserv

PCI SSC reaches Iron Mountain appoints new director


Payments on the edge: A conversation with Conrad Sheehan

The irrational truth of customer behavior

Industry Leader

Paul R. Garcia –
Apple thriving close to the tree

Selling Prepaid

Prepaid in brief

A new kind of smart card

A smarter way for the government to pay?

Card payments for caregivers


Financially strapped boost payment alternatives

Patti Murphy
The Takoma Group

Accounts receivable processing and the ISO revenue model

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:
Blackjack savvy applied to merchant acquiring

Jon Perry and Vanessa Lang

How to do effective performance appraisals

Vicki M. Daughdrill
Small Business Resources LLC

Processing continuity: Threats and remedies

Dale S. Laszig
DSL Direct LLC

An operational look at improving sales force training

Deana Sellens
Take Charge Business Consulting LLC

Company Profile

M2 Global Ltd.

New Products

Flag and filter online payments

Shop BuyVoice
Planet Payment Inc.

Merchant management minus tech troubles

Hosted Download Management Service
POS Portal Inc.


Reflect that glory



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 24, 2009  •  Issue 09:08:02

previous next

EPX, joining end-to-end and tokenization

Payment processor Electronic Payment Exchange recently launched a data security system for merchants that combines end-to-end encryption and tokenization, two of the industry's most exalted solutions for securing card data. The company said it is the payments industry's first processor to develop a product that joins the two.

"There maybe are a few entities that have tokenization as a real product today, and there are a bunch of entities talking about doing end-to-end encryption for the merchant, but we haven't heard of anybody combining the two, much less delivering the product to the market," said Matt Ornce, Chief Operating Officer for EPX.

EPX Vice President of Sales Jason Gwynn said the joint encryption-tokenization system has been implemented at one merchant location so far, and "several more are lined up that have anxiously been waiting for us to officially release this."

How it works

According to Ornce, the new product keeps card data encrypted from the point of swipe until tokenization goes into effect. Card data that's immediately encrypted at a merchant's store remains that way until a token is substituted and sent back to the merchant - keeping all sensitive card data out of merchant hands, where it has historically been most vulnerable.

"It basically picks the credit card information up directly from the consumer, and goes around the merchant system, brings that information to us - EPX's processor - where we integrate the token [and] pass that token back so the merchant has a reference for that transaction," Ornce said. "From that token they can take actions against that intial transaction - issue a refund or void the transaction. The merchant doesn't have to touch the card number and doesn't even get the opportunity to store the data.

"The part [that isn't tokenized] is from the card reader to our posted Web application that we use in conjunction with tokenization. So the end-to-end encryption provides protection for that track data from the instant that it's swiped through to delivery to us as the processor."

Industry more security-minded

Paul Grill, a Partner at payments industry-focused First Annapolis Consulting, said EPX's new solution is part of a larger trend of more intense security practices among merchant acquirers and vendors.

"I think you look at the EPX announcement in combination with some other activities we've seen amongst the major acquirers, as well as some smaller vendors, you see this trend toward layering in a couple different technologies together," Grill said. "Maybe you're starting with the baseline of PCI compliance, if you will, and the regular blocking and tackling of information and data security and then layering on top of that these additional enhancements.

"I couldn't give you a good answer as to whether or not this will be infallible, but certainly the concept of tokenization does put in an extra and more significant set of barriers."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios