The website you have just come from utilises the
e-Path credit card payment gateway to accept credit card charge authorisations from its online customers.
When
paying by credit card online via e-Path you are utilising a
new generation payment gateway engineered from the ground up to remove much of the vulnerability and risk that has plagued the online
e-commerce industry since it first started.
Without permanently electronically storing your credit card, transaction or identity details within its systems, e-Path achieves a level of security that is unmatched within the online credit card payment industry. Quite possibly your credit card details have never before been so secure.
Here is exactly why and how e-Path finally changes things for the better for ....
You, The Cardholder |
|
The Business Owner |
|
Banks (merchant accts) |
|
Credit Card Vendors |
|
|
|
|
|
The overwhelming majority of credit card and identity data theft in the world today can be traced back to highly sensitive credit card and identity details being compromised when permanently stored online, in databases, storage systems, on networks and other types of similar systems.
Subsequently, astronomical amounts of money is spent each and every year in the continuing struggle, day after day, to protect permanently stored credit card details and highly confidential identity information from 'hackers' and 'cyber criminals' on the internet.
To the heartbreak of cardholders and online businesses all over the globe, 'hackers' and 'cyber criminals' are still managing to breach even the strongest of security defences ....
More than 100 million credit cards may have been compromised in data breach
Credit card breach exposes 40 million accounts
40M credit cards hacked
40 million credit cards exposed
Visa confirms another payment processor breach
Despite the well known and recognised risks the practice of permanently and electronically storing credit card details, transaction data and highly sensitive identity information online, in databases, storage devices and within networks remains a fundamental function of mostly all online credit card payment processing methods and many e-commerce websites still to this day. They can't do much about it as this is how the automated internet based card processing system has been designed from the beginning.
But the new e-Path payment gateway is different. Very different.
e-Path has been engineered to remove the need to permanently store highly sensitive credit card, transaction and identity details and subsequently is the first gateway of its type to terminate, by design, the core reason why critically sensitive credit card details and highly confidential identity information potentially becomes available to be compromised, hacked into, copied or stolen in the first place.
When you pay by credit card online using e-Path, not a single snippet of your highly private and sensitive credit card details, or any other details for that matter, will be permanently electronically stored online, in any database, in any storage appliance/device or on any network by the gateway. No names, no credit card numbers, no expiry dates, nothing is permanently electronically stored by e-Path. This, combined with the fact that e-Path creates a separate gateway system with its own unique encryption processes and secure URL for each and every gateway merchant means you are being protected by an entirely new level of security that has simply not existed before.
Once the official bank approved merchant account owner is in receipt of your credit card charge authorisation as far as e-Path and the internet is concerned it is as if that payment never occurred in the first place - nothing exists either online or on any network or in any database, storage appliance or within any electronic system of any type, shape or form with e-Path.
Not only that, once the charge is performed your credit card details will no longer even exist!!! In fact, e-Path is the only payment gateway that guarantees the merchant can ensure their own customers' credit card details do not exist anywhere, either electronically or otherwise, after the transaction is performed.
This extreme level of security separates e-Path from all other methods to accept credit cards online and it represents the ultimate ideal for the protection of all forms of critically confidential data in the age of the internet, not just highly sensitive credit card and identity details...
When highly sensitive credit card details do not exist they can't possibly be stolen!!
The business owner whose website you've just come from is clearly very serious about security. Their decision to utilise the e-Path credit card payment gateway is evidence they are not prepared to compromise on security or risk anything when it comes to protecting their own online customers.
As a business owner accepting credit cards online with e-Path means their private merchant account at their bank is kept well away from the vulnerabilities of being open to everyone on the internet. In fact we completely remove the need to have the merchant account on the internet all together.
With the typical online credit card payment processing system anyone anywhere can enter any credit card they like and it will be attempted to be transacted in to the business owner's private merchant account without the business owner even knowing. That's what 'live' and automated online transactions are.
Make absolutely no mistake about this - this is the number one method used to perpetrate online credit card fraud in the world today which causes material and financial loss to businesses all over the world.
With e-Path this vulnerability no longer exists. We've completely terminated it.
With e-Path no longer can anonymous individuals transact credit cards 'live' and automatically online and in to the private merchant account of the business owner without their knowledge. The closing off of this vulnerability represents a major step forward in improving the security dynamics of online ecommerce activity and management for the business owner.
e-Path finally puts the online business owner where they need to be ... in total control over what online orders they accept and don't accept, and at a far less cost when compared to all other online payment systems
When a bank provides a business owner with an offline card processing/ merchant account facility to enable that business owner to charge credit card payments received online through e-Path, the banks exposure to direct risk can be greatly reduced than when compared to if it were supplying an internet based merchant account facility connected up to a third party online credit card payment processing type gateway where credit cards are attempted to be processed blindly and automatically on the open internet.
While card not present transactions are still considered a high risk transaction type, the fact is an offline credit card processing/merchant facility completely shuts the door on anonymous online individuals from transacting live on the open internet and into the merchant account of an online business owner without them knowing - which is the exact method responsible for almost the entirety of online credit card fraud in the world today.
For the first time banks can now provide a credit card processing/merchant facility package to transact credit cards received online where fraudsters can't transact live on the internet and where the bank is guaratneed that only the legitimate bank approved merchant account owner is the only one performing the charge into the merchant account.
The bank will also be aware that when a business owner processes transactions offline they now have the opportunity to check highly pertinent details about the buyer and order prior to deciding to charge the card. This means the business owner has the chance to identify and terminate any fraudulent payment attempts prior to them doing any harm.
The fact that banks can now supply credit card processing/ merchant account facilities that will only allow approved merchant account owner access as opposed to allowing full and open anonymous access from anyone anywhere on the entire internet is a watershed advancement in tightening-up of a core venerability that banks have always previously had to deal with, and factor in the cost of, when providing merchant account facilities for accepting credit cards online.
Recently 40 million credit cards were stolen from a third party payment processor, see - ZDNet Australia, CNN Money, msnbc. The cost incurred by card vendors to replace and reissue a credit card is reported to be around $10.00. That's a 400 million dollar cost just on re-issuing those 40 million credit cards, not even taking into account the terrible cost of the fraud that was involved.
Yet, had e-Path been the credit card payment gateway not a single credit card would have been permanently stored anywhere online in the first place, therefore, not a single credit card could have possibly been stolen. You can't thieve something that doesn't exist.
We do not want to infer or imply card vendors have a particular attitude or view towards the new e-Path service one way of the other, however, we can safely assume there would have been some serious 'back patting' had they been saved from having to spend 400 million dollars, not to mention the enormous cost that also could have been saved that was incurred by every business around the world that supplied products or services purchased with those stolen credit cards.
|
|
|
Defence Signals Directorate Gateway Certified Telecommunications Carrier
Few other areas are as critically vital to the security of the e-Path service as the actual hosting infrastructure utilised to host and deliver our services to the internet.
e-Path's host,
Netports Australia, exclusively utilises a datacentre and telecommunications carrier which is has achieved Defence Signals Directorate Gateway Certification. This certification conforms with ASCI-33 and the PSM (Protective Security Manual)
Delivering the e-Path service from a 'super-max' security accredited hosting and network environment positively contributes to our ability to deliver overall security that is of the utmost highest calibre.
And in strict accordance with new Australian National Privacy Laws that call for truthful disclosure of all factors involved in the handling of personally identifiable and confidential information, you as the cardholder have an absolute right to know these facts about the very environment handling your highly sensitive credit card data.
See:
Department of Defence Defence Signals Directorate Gateway Certification Guide
Secure technologies you can trust
e-Path comprises of many technologies, some well established and others very new, that all combine to provide a uniquely powerful and secure system that is at the forefront of a new era in secure online e-commerce. These include ...
Full strength SSL protects the connection between you and the business owners e-Path payment gateway. It is not possible for internet communication to occur with any e-Path
payment gateway without the full protection of SSL being present. If you do not have an SSL capable browser you will not be able to communicate with the secure e-Path system.
e-Path utilises THAWTE SSL. THAWTE is recognised as a world leader in SSL. You can confirm the existence of the THAWTE SSL in two ways ...
1.
|
|
Quite independently from e-Path, your browser should be able confirm the secure e-Path gateway page is under SSL protection by the display of a padlock icon. Browsers have various ways of displaying this icon, some display the padlock at the bottom while some at the top within the address bar. If there is any doubt, see #2 to obtain direct confirmation from hte SSL issuer, THAWTE Inc.
|
2.
|
|
At the top of all secure e-Path gateway pages you can click on the THAWTE graphic to verify directly with THAWTE the validity of the e-Path THAWTE SSL. This provides the customer with direct SSL issuer confrmation of a correctly functioning SSL.
|
e-Path utilises the Payment Card Industry Security Standards Council approved and compliant McAfee™ PCI DSS (Payment Card Industry Data Security Standards) program. McAfee™ is a PCI Approved Scanning Vendor (ASV).
McAfee™ is best known for their McAfee Secure trustmark and is a world leading provider of webserver security services including card vendor PCI (Payment Card Industry) compliance services.
The McAfee™ PCI Compliance program meets the requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS, DiscoverCard and JCB.
Our secure systems are physically located in the Macquarie Telecom datacentre in Sydney. Macquarie Telecom is the first telecommunications carrier in Australia to achieve Defence Signals Directorate Gateway Certification, conforming to ASCI-33 and the PSM (Protective Security Manual). ISO 9001:2000, PCI DSS Certification and SAI Global - ISO 27001:2005 are amongst other high level accreditations that combine to establish Macquarie Telecom as being recognised as Australia's most highly security accredited datacentre.
|
|
The above graphic is an actual screen capture of part of e-Path's McAfee™ PCI DSS auditing program control panel |
Asymmetric cryptography (encryption - decryption):
e-Path uses powerful cryptography to further encrypt the payment data entered by the customer. 2,048 bit RSA encryption is a patented algorithm and recognised by Visa, Master Card, American Express and Diners Club as an approved encryption type. With e-Path there are multiple instances of this which all occur on top of and in addition to the SSL encryption that exists to protect the live connection between cardholder and the business owners e-Path gateway system.
According to Qualys CEO Philippe Courtot: "The challenge with encryption is that older payment systems were not built to support the scrambling technology... Encryption is the ultimate measure of security.." From:
http://news.zdnet.com/2100-1009_22-6072594.html)
This protects data during the transporting stage, directly from you the cardholder to the official bank approved merchant account owner.
Here is a example of how a credit card looks when it is encrypted by e-Path. This data is utterly useless to anyone other than the specific merchant it has been encrypted for in the first place ...
Az3jASSVoqHNAKg4bvopr9wjDtdsCT1UTEYBbwAAVc5TvVIuNt7gI830aafGgcfkF
80qAS4Gi7PbKuBhcE7JEx1aSLIxq2jJ2pD0dd2jzznYnxrX6uULu+ec5dsdcRBXVL
WEKPzeKu6htRV9D4U0/lWzgnJEcfp0+tkzS3ntdCfFZnNNABo/d2OAPmjfe9jMDrJqf
u50uEOXkjG2fFn6MFQxvz4jpj7fieo93nZn26J8wOtuDqFcqM9woj5ccBYH63k/ueR8
SD7GZwvfdDJqYmcvrMqRIP0ZmZNdQ9mzRsgjnL9/r9qCt58eg1mgSayGPESd+9
QZp7B6XPpUBybGF4JOF0sOK/CGbZPIrs9/5uOxPx49g1CG2rbjfkkETCUUUScW
PUNNFSTdU9vQlYvtZWCrtn7XRwZQ7clC+vyMhr6XdLATwGE/lsGlNuB97hSV3CJzU
5zaVzP0Skwz0LNhJMJDGNifabjwVQjrj5CPYJhBov8MfCx4VHlekJ+seVn7utPLNk/f2
C6cLVbiXvBmbKlndDeijtn3bi7VU+CkKitmOhOewhlGak6yrLGXEJq33bXyfKyB/A
bYN/3zxqQ4eDERs1Ur4KbOXQ51qImXrTHXntJprGvC8pokl4soPCgGZPM9uEgoqx
vfO0wrwOP6E6gK4htSvZVLVihh80Kmqf2sZXecPfTDZ6ZGrde2/rqw4+tjV++BKa+
c4DP8KtJMkyxK2wSrN7Nooi689trshrQ1Pgq1yVGnKdm/xHr/6sRHvJLfR+KHygfaLr
3xytPX8skkoyU9zf255QvVm5cxrXaDhshsjKVwWlpNbr8VJw55XgjAME0jcQeouXZI
UMVHt4RVIPongqI4ixjqkDqBkIb7qbB3qwdMLMcF6jvULQwGr4JA86wgxgzILHeS3
jdkuri78s8839jkdmmfku59384j&9wksm))kdolem2ui+Nhfu4SEldOkdnka/xon+u8
Ii/TxMDqbc86Lzm94nklenswkxF8=
=tOdt
You may be interested to learn the above is a true example, it is the actual credit card belonging to e-Path's founder. It remains totally and absolutely secure despite is being publicly viewable on this website since 2007. A bold but very effective demonstration of the strength of the encryption used by e-Path.
Once an individual gateway system has been set up for an online business owner they become the only party in the world capable of decrypting card data encrypted on their unique gateway.
What some people say ...
"[e-Path] An ingenuously simple and logical approach with the potential to ease a little pressure on the credit industry as they continue the struggle to close security vulnerabilities with card based live transactions over the internet."
David Taylor - Commerce Tomorrow (Monthly Publication)
""[e-Path] sacrifices the convenience of instant internet based transaction processing for the sake of improved security and control. Granted, they [e-Path] do this well but I for one will not be going to a manual system."
Claire McKinley - Enterprise Commercial Quarterly
"We all know high strength 2,048 bit asymmetric cryptography is unbreakable. What is unique is how they [e-Path] have designed their relatively simple non-processing online credit card handling service around it. Clever."
'Professor Byte' - Willmington e-Commerce Advisory Committee
"This [e-Path] is not a new direction at all ... it simply sends us back to basics which as e-Path has identified can reduce online risk significantly ... reduced risk could see merchant services providers re-think their tough approach towards the entry level virtual business market."
S. Johnston Jnr - Smith, Johnston and Boverich. Strategic Financials.
"You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet. E-Path delivers what is shaping up to be an almost annoyingly commonsensical solution to the problem of online credit card data security."
Damien Croft - CEO, ComCron
"This new manual gateway from the Australia company, e-Path Pty Ltd, will only appeal to those likely to be doing small numbers of transactions per day and as such can not be considered a mainstream alternative to current live online processors. Reverting back to manual processes means reduced productivity for most businesses. But talk security and I concede e-Path has raised the bar to an impressive height, no doubt about that."
Samantha Goldburg - The Online Merchant
""Their non-permanent storage of card holder data nails a previously unattainable goal for online credit card handlers ... a major achievement that should delight the card provider companies .... but looking under the skin they [e-Path} appear to be little more than an online fax machine on cryptographic steroids."
Simon Metcalf - ComZone UK
"Businesses have been cursing the cost of fraud ever since we were able to process payments online. E-Path looks like the first genuine attempt by a payment gateway to improve security by design .... even though it [e-Path] takes you back to handling processes manually their approach has merit."
Mary Merrywhether - Article 'Risks in Business'
"A proper online payment processor, no. An easier and safer solution for the smaller e-merchant, quite possibly."
Max Minyarno - Financial Services Manager
"E-Path is no big deal. They have simply identified what causes risk and gone about trying to eliminate it. Bright sparks change the world for the better all the time, like I said, no big deal."
Shane Williams - MacSpeak 2007.
"I can't see much point in this new [e-Path] service. Where's the automation? Ok, so its good news in the security department, but having to process manually offline is not going to see everyone rushing to change their card accepting method. It will suit some but certainly not the majority. Nice idea, but not for me."
Trevor - ZNet feedback
"Just my 2c worth. I did this like a year ago. I use e-path. For a full year I have not recorded one single fraud transaction into my merchant account because I can SEE AND IDENTIFY them when I receive them. I will never go back to the 'dark ages' of Russian roulette with an expensive real time gateway and all those charge backs. No way man.."
'TrueBlue' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk
"The average business is fed up with money being taken out of their account [by their bank] because the online transaction done last month through their online processing gateway now suddenly turns out was fraudulent. I think doing things manually offline has some real advantages."
'John' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk
|