The website you have just come from utilises the e-Path credit card payment gateway to accept credit card charge authorisations from its online customers.
e-Path is a new generation payment gateway that takes security to an extraordinary new level. One of the main reasons the merchant has chosen e-Path is because of the security and protection the e-Path gateway affords you and your credit card data.
The merchants secure e-Path system utilises full strength SSL to protect the connection between you and the merchants secure e-Path payment gateway. You can confirm the existence of SSL by two ways.
1.
|
Quite independently from e-Path, your browser will confirm the secure e-Path gateway page is under SSL protection by a small padlock icon appearing bottom right of your browser window. Some newer browsers have this within their address bar. |
2.
 |
At the top of all secure e-Path gateway pages you can click on the THAWTE graphic to verify directly with THAWTE the validity of the e-Path THAWTE SSL. |
It is estimated that near 70% of the worlds credit card fraud can be either directly or indirectly attributed to credit card details being compromised (hacked into, stolen, copied) when permanently stored in databases on web servers or within similar storage devices.
It is not widely known that mostly all 'real time' or 'live' online payment gateways permanently store highly sensitive credit card and transaction details in databases on web servers or on similar storage devices, usually without the cardholder even being aware.
And no matter how complex and powerful the firewalls in place, it is a disturbing fact that when credit card details are permanently stored on the internet they can never be guaranteed 100% safe.
But e-Path has been engineered to do things differently. Very differently. With e-Path we do not permanently store your private credit card details. No credit card numbers, no names, no expiry dates, nothing. There are no databases, no permanent transaction history reporting, nothing is permanently stored on the internet with e-Path.
Once the merchant is in receipt of your credit card payment, as far as e-Path and the open internet is concerned it is as if your online credit card payment never occurred in the first place. This ultimate form of protection for your credit card details is part of a new generation in online e-commerce security of which e-Path is proudly at its forefront.
In the words of Damien Croft CEO ComCron '' You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet.''
The bottom line is its all about risk and one of the reasons why the online business whose website you've just come from is using e-Path is because they are not prepared to risk anything when it comes to the security of their customers credit card data.
e-Path utilises the Payment Card Industry Data Security Council approved and compliant McAfee™ PCI DSS (Payment Card Industry Data Security Standards) program. McAfee™ is a PCI Approved Scanning Vendor (ASV).
| McAfee™ is best known for their HACKER SAFE trustmark and is a world leading provider of webserver security services including card vendor PCI (Payment Card Industry) compliance services. The McAfee™ PCI Compliance program meets the requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS, DiscoverCard and JCB. McAfee™ performs complex security and vulnerability scanning on an almost continual basis and provides e-Path with concise information on the continued security and PCI DSS compliance status of our secure server. The 'device' is the secure server used to exclusively perform the e-Path secure credit card payment gateway service on the internet. Maintaining PCI DSS compliance is critical to e-Path and McAfee™ assists us in this process. |
 Above: The above graphic is an actual screen capture of part of a McAfee™ report on the security status of the secure e-Path gateway server (device). |
The Payment Card Industry Data Security Standards, or PCI DSS, is a new uniform world wide security standard that aggressively combats vulnerability and risk associated with the handling of credit card data across all industries.
If a website accepts credit cards online they are required to be PCI DSS compliant certified. Compliance is not a request, or suggestion, it is now a requirement and is enforceable.
Online businesses that accept credit cards online but are found not to be compliant with PCI DSS may face heavy penalties, from having the website owners merchant account facility cancelled to possible fines of between $10,000 to $500,000.
Despite this, there are still countless websites and e-commerce sites accepting credit card details online that are not PCI DSS compliant certified. In these circumstances not only is the website owner acting in blatant contravention of what is expressly and contractually required of them under the PCI DSS, but they may also be putting your credit card details at great risk.
e-Path strongly suggests not to, under any circumstances, enter your credit card details into a website, shopping cart or payment gateway service that is not 
PCI DSS compliant certified.
Please feel free to have this advice confirmed by directly contacting Visa International, Mastercard, American Express, Diners Club or any bank in the world involved in the delivery of online or offline merchant services.
Should you be further interested, here is the actual standard: PCI DSS (pdf)
e-Path uses extraordinarily powerful encryption to further encrypt the payment data entered. 2,048 bit RSA encryption is a patented algorithm and recognised by Visa, Master Card, American Express and Diners Club as an approved encryption type. With e-Path this occurs on top of and in addition to the SSL encryption that exists to protect the live connection between you and the merchant's e-Path payment gateway.
It is our understanding that e-Path is one of only three credit card payment gateways in the world today that deploys individual asymmetric cryptography (encryption) security. This is of course on top of and in addition to the 128/256 bit SSL connection encryption.
According to Qualys CEO Philippe Courtot: 'The challenge with encryption is that older payment systems were not built to support the scrambling technology... Encryption is the ultimate measure of security..' (From: http://news.zdnet.com/2100-1009_22-6072594.html)
Here is a example of how a credit card looks when it is encrypted by e-Path. This data is utterly useless to anyone other than the specific merchant it has been encrypted for in the first place ...
Az3jASSVoqHNAKg4bvopr9wjDtdsCT1UTEYBbwAAVc5TvVIuNt7gI830aafGgcfkF
80qAS4Gi7PbKuBhcE7JEx1aSLIxq2jJ2pD0dd2jzznYnxrX6uULu+ec5dsdcRBXVL
WEKPzeKu6htRV9D4U0/lWzgnJEcfp0+tkzS3ntdCfFZnNNABo/d2OAPmjfe9jMDrJqf
u50uEOXkjG2fFn6MFQxvz4jpj7fieo93nZn26J8wOtuDqFcqM9woj5ccBYH63k/ueR8
SD7GZwvfdDJqYmcvrMqRIP0ZmZNdQ9mzRsgjnL9/r9qCt58eg1mgSayGPESd+9
QZp7B6XPpUBybGF4JOF0sOK/CGbZPIrs9/5uOxPx49g1CG2rbjfkkETCUUUScW
PUNNFSTdU9vQlYvtZWCrtn7XRwZQ7clC+vyMhr6XdLATwGE/lsGlNuB97hSV3CJzU
5zaVzP0Skwz0LNhJMJDGNifabjwVQjrj5CPYJhBov8MfCx4VHlekJ+seVn7utPLNk/f2
C6cLVbiXvBmbKlndDeijtn3bi7VU+CkKitmOhOewhlGak6yrLGXEJq33bXyfKyB/A
bYN/3zxqQ4eDERs1Ur4KbOXQ51qImXrTHXntJprGvC8pokl4soPCgGZPM9uEgoqx
vfO0wrwOP6E6gK4htSvZVLVihh80Kmqf2sZXecPfTDZ6ZGrde2/rqw4+tjV++BKa+
c4DP8KtJMkyxK2wSrN7Nooi689trshrQ1Pgq1yVGnKdm/xHr/6sRHvJLfR+KHygfaLr
3xytPX8skkoyU9zf255QvVm5cxrXaDhshsjKVwWlpNbr8VJw55XgjAME0jcQeouXZI
UMVHt4RVIPongqI4ixjqkDqBkIb7qbB3qwdMLMcF6jvULQwGr4JA86wgxgzILHeS3
jdkuri78s8839jkdmmfku59384j&9wksm))kdolem2ui+Nhfu4SEldOkdnka/xon+u8
Ii/TxMDqbc86Lzm94nklenswkxF8=
=tOdt
As a business owner, accepting credit cards online with e-Path means the website owner's merchant account at their bank is kept well away from the vulnerabilities of being open to everyone on the internet.
Again, unlike with a typical 'real time' or 'live' payment gateway, with e-Path the owner's merchant account at their bank is NOT used live on the internet at all. It is impossible for criminals to enter a stolen credit card number directly into your own private merchant account live to get the real time transaction response they are looking for. e-Path finally puts the online business owner where they should be ... in control of their own merchant account at their bank.
So, not only is the website you have come from providing you with extraordinary levels of security as a credit card paying customer but they are also protecting themselves and their business interests. And incidentally, they are achieving this at a far less cost than if they used other online credit card payment gateway systems currently available.
What the Experts Say ..."[e-Path] An ingenuous lateral approach with the potential to ease the pressure on the credit industry as they continue the struggle to close security vulnerabilities with card based live transactions over the internet." David Taylor - Commerce Tomorrow (Monthly Publication) "Watch e-Path. The disturbing question is why has it taken so long for a model like this to appear?" William J Newbury - Financial Reviews, Epay World "[e-Path] A new method bred to P.C.I. standards ... sacrifices the convenience of instant internet based transaction processing for the sake of improved security. Granted, they [e-Path] do this well but I for one will not be going to a manual system." Claire McKinley - Enterprise Commercial Quarterly "We all know high strength 2,048 bit asymmetric cryptography is unbreakable. What is unique is how they [e-Path] have designed their relatively simple non-processing online credit card payment service around it. Clever." 'Professor Byte' - Willmington e-Commerce Advisory Committee "This [e-Path] new direction gives online businesses the ability to seize control of their transaction processes for the purpose of reducing their own direct exposure to risk .... I can see how this would work well .... a safer system offering reduced risk would give banks prime leverage to target their merchant services to the lucrative entry level virtual business market with renewed vigour." S. Johnston Jnr - Smith, Johnston and Boverich. Strategic Financials. "You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet. E-Path delivers what is shaping up to be an almost annoyingly commonsensical solution to the problem of internet based credit card data security." Damien Croft - CEO, ComCron "The challenge with encryption is that older payment systems were not built to support the scrambling technology ... Encryption is the ultimate measure of security.." Qualys CEO Philippe Courtot From: http://news.zdnet.com/2100-1009_22-6072594.html "This new manual gateway [e-Path] will only appeal to those likely to be doing small numbers of transactions per day and as such can not be considered a mainstream alternative to current live onlne processors .... the market for this type of online/offline service is small. But talk security and e-Path has raised the bar by an impressive margin." Samantha Goldburg - The Online Merchant "Their non-permanent storage of credit card data nails a previously unattainable goal for online card handlers ... a major achievement that should delight the card provider companies .... you will be hard pressed finding a safer method." Simon Metcalf - ComZone UK "We are talking about protecting credit card information aren't we? Their [e-Path] security looks like something you would expect to see safeguarding launch codes for strategic missile launch and not Joe's credit card when he purchases his latest subscription of 'Home Gardening' magazine online. All a bit over the top for my liking but maybe that's what is needed now." Nigel Tonks "The issue with online processing is it was never thought through properly. For the sake of allowing credit cards to be accepted as quickly as possible from this new phenomenon called of the internet, policy makers made allowances and cut corners. Businesses have been cursing the cost of fraud ever since. E-Path looks like the first genuine attempt by a payment gateway to improve security by actual design .... even though it is a manual process their approach is quite ingenious .... should help arrest the problem of businesses being unduly vulnerable to financial loss caused by online credit card fraud." Mary Merrywhether - Article 'Risks in Business' "Just what the small business operator needs to get happening on the net securely without the usual heavy overhead." Tony Jenkins "A proper gateway, no. An easier and safer solution for the smaller e-merchant, quite possibly." Max Minyarno - Financial Services Manager "E-Path is no big deal. They have simply identified what causes risk and gone about eliminating it. Bright sparks change the world for the better all the time, like I said, no big deal." Shane Williams - MacSpeak 2007. "What a first class little service. Why would people still run the risk of fines by accepting credit card payments online by insecre methods, like email, when doing it right is now so affordable." Jamie Bradley - Editor, Smart Talk |
About e-Path SecurityAbout e-Path Pty Ltd
 |
 |
 |
 |
|
|
Home| The Credit Card Payment Gateway | How e-Path Works | Merchant Requirements | About e-Path Pty Ltd
e-Path Security | Payment Gateway Integration | About the PCI DSS | Price | e-Commerce Hosting | e-Partner Opportunities F.A.Q. | Support Centre | TOS, UA, Merchant Agreement | Privacy Policy | Contact | Apply for e-Path Now | DEMO | Site Content Disclaimer   |
||
|
|
|
|
This website makes no determination as to the suitability of the e-Path service for your particular personal or business needs.
e-Path is an Australian based global provider of the e-Path Internet Credit Card Payment Gateway Service. All Rights Reserved - Copyright 2005, 2006, 2007, 2008 E-PATH PTY LTD ACN:124032917 | ABN:70124032917  |
The Payment Gateway