 |
 |
 |
|
 |
|
Secure Socket Layers (SSL) This security protocol sits just below protocols such as HTTP and uses the lower-level TCP/IP to allow SSL-enabled PCs and servers to authenticate to each other. SSL creates single-session key exchange; using public and private-key data encryption (usually 128-bit) from RSA Data Security for enciphering and deciphering encrypted SSL transmissions.
SSL 1024-bit Data Encryption All of EPP's communications and processing occur through Secure Socket Layers (SSL). To ensure a higher level of security, we use 1024-bit SSL encryption with all of our transactions. Any toolkits linked for usage with the EPP gateway are also tested to make sure that security is setup properly. With the proper security layers setup between toolkits and the gateway, we ensure that no information can be stolen and all information is securely transacted. Identification Through "Keys" An older, more conventional way of communicating and identifying with gateways was the use of usernames, id's and passwords. EPP realizes that this method is very insecure. This is why we use a "Key System" for identification. Merchant's toolkits ( e.g. software ) communicate with the gateway by getting assigned a high-bit encrypted string called a Key. When sent into the gateway the key is processed to identify which merchant it belongs to as well as what toolkit it belongs to. This allows the merchants to feel safe that their toolkit source code doesn't contain critical information such as their username and it allows the merchant to separate their toolkits by assigning individual keys for each toolkit. Merchants can revoke keys at any time if they notice a key is being misused by malicious online users and different fraud protection layers can be applied to each key within the EPP Fraud Stopper. Fraud Stopper The EPP Fraud Stopper relies on its Module Stack Design. Each module controls a different aspect of security and the merchants chooses which modules to put on the fraud control stack. Some examples of modules are duplicate transaction control, block by country (and/or state, city, zip, name), auto detection of misuse of toolkit by customer, block by IP and many more. The advantage to this design is it allows the merchant to constantly add/change their fraud controls and EPP is always adding new modules to the Fraud Stopper; always up to date on fraud security issues. Fraud Stopper also allows the merchant to apply different fraud controls to different keys (sources), so a merchant can have high levels of fraud control on their website but low levels on their console for their own employees. New Way of Storing Payment Data EPP realizes that the most common attack to merchants is the stealing of a "list" or "database" of payment information. With this in mind, EPP has developed a revolutionary new way of storing data to stop such attacks. On the EPP system there is no database or list, therefore the idea of getting such a thing by a malicious attacker is impossible. Payment data is stored on an individual basis and can only be viewed on an individual basis by unlocked or "de-encrypting" each one-by-one. There is no reason for a merchant to call up ever a "list" of data. If information is needed, the data is decrypted and un-parsed from the system; a process which takes only 1-2 seconds. Only one instance can be viewed at a time. This "non-database" design of storing payment data provides the utmost highest level of security toward payment storage to date. More Questions? We want to you to be confident in our security standards here at EPP. If there are any questions which we have not answered concerning our security please feel free to email our technical support group for answers at support@expresspayments.com.
|
NEWS & EVENTS
 |
||
|
|||
