GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

A political action plan for ISOs


Industry Update

New best practices for data storage

Financial reform bill passes. What now?

Cash-only holiday to protest Durbin Amendment

ETA/Strawhecker report: Reason for optimism


Research Rundown

Top 25 privately held industries for the last 10 years

Selling Prepaid

Prepaid in brief

Evolution Benefits ties prepaid to philanthropy

What's next in gifting technology

Walter Paulsen
Giiv Inc.


Three kinds of consolidation to watch

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:
Is dial dead?

Ken Musante
Eureka Payments LLC

Agent or employee: Which are you?

Adam Atlas
Attorney at Law

Budgeting: A crucial management skill

Vicki M. Daughdrill
Small Business Resources LLC

Best practices for crisis communications

Peggy Bekavac Olson
Strategic Marketing

Putting the cold call in its proper place

Jeffrey Shavitz
Charge Card Systems Inc.

More than PCI

Tim Cranny
Panoptic Security Inc.

Avoid 'always be closing' and other old traps

Jeff Fortney
Clearent LLC

Company Profile

Voltage Security Inc.

New Products

Determine the best interchange for each transaction

Merchant Warehouse

Layered protection for ACH

ProtectPay ACH
ProPay Inc.


Focus on success with self-help CDs



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 09, 2010  •  Issue 10:08:01

previous next

New Products

Layered protection for ACH

Product: ProtectPay ACH

While the Payment Card Industry Data Security Standard has grown increasingly visible and well-known in recent years, some say the security of electronic funds transfer (EFT) payments has received comparatively little notice.

To be sure, automated clearing house (ACH)-based EFT transactions are on the rise, and rising with them are instances of security breaches. According to the FBI, fraud related to EFT - meaning the transfer of money from one bank account to another, without the use of a paper check or payment card - rose over $120 million in 2009.


"Part of the challenge of protecting ACH transactions is there has been so much focus on PCI, that companies go, 'Oh, I didn't realize I had sensitive data in my ACH files,'" said Chris Mark, Executive Vice President, Data Security and Compliance for the processor and ISO ProPay Inc.

For merchants that conduct ACH transactions, ProPay recently expanded its ProtectPay data security suite to include ACH transactions, an offering it calls ProtectPay ACH.

PANs in a blanket

According to Mark, ProtectPay ACH operates essentially the same way that the existing ProtectPay services operate for payment card transactions, wrapping ACH transactions in a layered security blanket that combines multifactor authentication with tokenization and encryption.

Merchants using ProtectPay ACH can send ACH transactions to ProPay for processing through either the com-pany's application programming interface (API) or its secure web portal. Clients access either conduit by entering a username and password along with some other identifier, usually either an X509 certificate (for large companies) or a "challenge question" about some bit of information that only the merchant theoretically knows.

"Historically, merchants would send account and routing numbers, which is a big risk," Mark said. "Now they don't have to send it to us to be tokenized. We can go in and do a mass import and mass tokenization if they have this database. We tokenize and replace the data in a matter of minutes or hours, and now all they have is a token for when they want to initiate the next ACH transaction."

Clients who log in to ProPay's API or web portal using those credentials may then send a batch of ACH transactions, which are protected by Secure Sockets Layer (SSL) encryption as they travel from the originating business to Propay's storage vault.

"We make sure data sent from the merchant is encrypted using encryption technology where only we possess the decryption key, so even if someone intercepted it they couldn't decrypt the data," Mark said.

Protection with tokens

Merchants who use ACH to conduct recurring billing transactions are provided with tokens, allowing them to conduct chargebacks or call up disputed transactions while rendering all data in their environment useless to potential hackers. Meanwhile, the full card numbers are stored in ProPay's data vault.

"People use the terms 'tokenization' and 'encryption' suggesting they're mutually exclusive, but in reality they're complementary," Mark said.

Mark added that ProtectPay ACH has a wallet component that provides the flexibility to tokenize either individual card numbers or customer accounts that contain multiple card numbers.

ProPay Inc.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios