You Are Paying Safely On The Internet

Safely pay by credit card online using e-Path

The website you have just come from utilises the e-Path credit card payment gateway to accept credit card charge authorisations from its online customers.

When paying by credit card online via e-Path you are utilising a new generation payment gateway engineered from the ground up to remove much of the vulnerability and risk that has plagued the online e-commerce industry since it first started.

Without permanently storing your credit card, transaction or identity details online e-Path achieves a level of security that is both unique and unmatched within the online card handling industry. Quite possibly your credit card details have never before been so secure. See:

CDU Compliance

Here is exactly why and how e-Path finally changes things for the better for ....

You, The Cardholder

The Business Owner

Banks (merchant accts)

Credit Card Vendors



	It is estimated that between 85% and 90% of the worlds credit card and identity theft can be traced back to highly sensitive credit card and identity details being compromised when permanently stored in databases, storage devices, networks or other types of internet connected systems. Subsequently, hundreds of millions of dollars are spent each and every year in the continuing struggle, day after day, to protect permanently stored credit card details and highly confidential identity information from 'hackers' and 'cyber criminals' on the internet. To the heartbreak of cardholders and online businesses all over the globe, 'hackers' and 'cyber criminals' are still managing to breach even the strongest of security defences .... More than 100 million credit cards may have been compromised in data breach Credit card breach exposes 40 million accounts 40M credit cards hacked 40 million credit cards exposed Visa confirms another payment processor breach Despite the known and recognised risks the practice of permanently storing credit card details, transaction data and highly sensitive identity information remains a fundamental function of mostly all 'real time' payment gateway processing systems. But the new e-Path payment gateway is different. Very different. e-Path has been engineered to remove the need for the gateway to permanently store highly sensitive credit card, transaction and identity details and subsequently is the first gateway of its type to terminate, by design, the core reason why credit card details and highly confidential identity information potentially becomes available to be compromised in the very first place. When you pay by credit card online using e-Path, not a single snippet of your highly private and sensitive credit card details, or any other details for that matter, will be permanently stored online. No names, no credit card numbers, no expiry dates, nothing. Once the official bank approved merchant account owner is in receipt of your credit card charge authorisation as far as e-Path and the internet is concerned it is as if that payment never occurred in the first place. In the words of Damien Croft CEO ComCron *'' You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet.''* When highly sensitive credit card details, transaction history details and identity information is not permanently stored online or anywhere else by the payment gateway then no matter how successful the 'hackers' or 'cyber criminals', the fact is there is simply nothing there to thieve! When sensitive data doesn't exist it can't possibly be stolen! This extreme level of security has a name, its called CDU (Critical Data Unplugged) and it represents the ultimate ideal for the protection of critical data in the age of the internet. The business owner who's website you've just come from is clearly very serious about security. Their decision to utilise the e-Path credit card payment gateway is evidence they are not prepared to compromise when it comes to protecting their own online customers. As a business owner accepting credit cards online with e-Path means their private merchant account at their bank is kept well away from the vulnerabilities of being open to everyone on the internet. With the typical third party 'real time' payment processing gateways anyone anywhere can enter any credit card they like and it will be communicated directly with the business owner's merchant account, even without the business owner knowing. That's what 'live' online transactions are. This open direct access by any anonymous individual to transact a credit card 'live' without the business owner even knowing about it enables fraud to be perpetrated online with relative ease. In fact it is the number one reason why fraud can be so effortlessly perpetrated online in the world today! With e-Path this vulnerability no longer exists. With e-Path anonymous individuals are denied direct access to transact credit cards 'live' online. The closing off of this vulnerability represents a major step forward in improving the security dynamics of online ecommerce activity and management for the business owner. e-Path finally puts the online business owner where they need to be ... in total control of their e-commerce business, and their own merchant account at their bank and what credit card payments they accept and don't accept. When a bank provides a business owner with a manual merchant account facility to enable that business owner to charge credit card payments received online through e-Path, the banks exposure to direct risk can be greatly reduced than when compared to if it were supplying an internet based merchant account facility connected up to a third party real time payment processing type gateway where credit cards are processed blindly on the open internet. While card not present transactions are still considered a high risk transaction type, the fact is a manual merchant account will never allow anonymous online individuals to directly and automatically transact a stolen credit card live into it, the ability of which is the number one reason why fraud is perpetrated online today. With the current third party 'real time' processing gateway/internet based merchant account system anyone anywhere can anonymously enter any credit card they like online for it to be blindly processed live directly with the merchant account of a business owner without the business owner even knowing. It can be well argued that the third party online processing system's actual design has inadvertently created the perfect made-to-measure tool for fraudsters and cyber criminals to facilitate their illegal activities on the internet in the first place. To counter this, anti-fraud screening services such as 3-D Secure™, Verified By Visa™, Master Card Secure Code™ etc., can be deployed to defend against this open vulnerability. Each are highly potent and powerful automated fraud screening systems that are continually being improved upon. But circumstances need to be right for them to be effective. There is a crippling multi billion dollar fraud cost (and growing) each year that more than suggests automated fraud screening systems have a fair way to go before they can unequivocally guarantee 100% protection for the online business owner against falling victim to fraudsters instantly transacting stolen credit cards into a live gateway and thus directly into the merchant account of the online business owner. However, when e-Path is the gateway, for the first time banks can now provide a manual merchant account service to transact credit cards received online where only the legitimate bank approved merchant account owner is the only one performing the charge into the merchant account. The merchant account facility is not being left open and accessible to the entire population on the internet and will not allow anonymous individuals to transact any credit card straight away and into the merchant account without the merchant account owner knowing - this risk is completely eliminated when a manual merchant account is used. Fraudsters and cyber criminals are stopped from having direct access into the merchant account of the business owner. They suddenly no longer have the means to anonymously transact stolen credit cards 'live' on the net and get the live transaction response they look for. This wide open door is shut permanently closed when e-Path is the gateway and a manual merchant account is the merchant account facility. Stopping direct access into marchant accounts from the open internet significently reduces much of the very vlunerabilities and risks that have previously always had to be present when accepting credit cards online. The bank will also be aware that with a manual merchant account the business owner now has the opportunity to check highly pertinent details about the buyer and order prior to deciding to charge the card. This means the business owner has the chance to identify and terminate any fraudulent payment attempts prior to them doing any harm - again, something that is not possible when accepting credit cards 'live' on the net via a third party 'real time' processing gateway system connected to an internet only based merchant account facility. The fact that banks can now supply manual merchant account facilities that will only allow approved merchant account owner access as opposed to allowing full and open anonymous access from anyone anywhere on the entire internet represents a benchmark tightening-up of a core venerability that banks have always previously had to deal with, and factor in the cost of, when providing merchant account facilities for accepting credit cards online. Recently 40 million credit cards were stolen from a third party payment gateway processor, see - ZDNet Australia, CNN Money, msnbc. The cost incurred by card vendors to replace and reissue a credit card is reported to be around $10.00. That's a 400 million dollar cost just on re-issuing those 40 million credit cards, not even taking into account the terrible cost of the fraud that was involved. Yet, had e-Path been the credit card payment gateway not a single credit card would have been permanently stored anywhere online in the first place, therefore, not a single credit card could have possibly been stolen. You can't thieve something that doesn't exist. We do not want to infer or imply card vendors have a particular attitude or view towards the new e-Path service one way of the other, however, we can safely assume there would have been some serious 'back patting' had they been saved from having to spend 400 million dollars, not to mention the enormous cost that also could have been saved that was incurred by every business around the world that supplied products or services purchased with those stolen credit cards.

Defence Signals Directorate Gateway Certified Telecommunications Carrier

Few other areas are as critically vital to the security of the e-Path service as the actual hosting infrastructure utilised to host and deliver our services to the internet.

e-Path's host,

Netports Australia, exclusively utilises the Macquarie Telecom telecommunications carrier which is the first telecommunications carrier in Australia to achieve Defence Signals Directorate Gateway Certification. This certification conforms with ASCI-33 and the PSM (Protective Security Manual)

Delivering the e-Path service from a 'super-max' security accredited hosting and network environment positively contributes to our ability to deliver overall security that is of the utmost highest calibre.

And in accordance with Australian National Privacy Policy principals that call for truthful disclosure of all factors involved in the handling of personally identifiable and confidential information, you as the cardholder have an absolute right to know this.

See

Defence Signals Directorate

Secure technologies you can trust

e-Path comprises of many technologies, some well established and others very new, that all combine to provide a uniquely powerful and secure system that is at the forefront of a new era in secure online e-commerce. These include ...

Full strength SSL protects the connection between you and the business owners e-Path payment gateway. It is not possible for internet communication to occur with any e-Path payment gateway without the full protection of SSL being present. If you do not have an SSL capable browser you will not be able to communicate with the secure e-Path system.

e-Path utilises THAWTE SSL. THAWTE is recognised as a world leader in SSL. You can confirm the existence of the THAWTE SSL in two ways ...

1.

Quite independently from e-Path, your browser should be able confirm the secure e-Path gateway page is under SSL protection by the display of a padlock icon. Browsers have various ways of displaying this icon, some display the padlock at the bottom while some at the top within the address bar. If there is any doubt, see #2 to obtain direct confirmation from hte SSL issuer, THAWTE Inc.

THAWTE SSL can be confirmed with one click

At the top of all secure e-Path gateway pages you can click on the THAWTE graphic to verify directly with THAWTE the validity of the e-Path THAWTE SSL. This provides the customer with direct SSL issuer confrmation of a correctly functioning SSL.

e-Path, PCI DSS Compliance and McAfee™

e-Path utilises the Payment Card Industry Security Standards Council approved and compliant McAfee™ PCI DSS (Payment Card Industry Data Security Standards) program. McAfee™ is a PCI Approved Scanning Vendor (ASV).

McAfee™ is best known for their McAfee Secure trustmark and is a world leading provider of webserver security services including card vendor PCI (Payment Card Industry) compliance services.

The McAfee™ PCI Compliance program meets the requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS, DiscoverCard and JCB.

Our secure systems are physically located in the Macquarie Telecom datacentre in Sydney. Macquarie Telecom is the first telecommunications carrier in Australia to achieve Defence Signals Directorate Gateway Certification, conforming to ASCI-33 and the PSM (Protective Security Manual). ISO 9001:2000, PCI DSS Certification and SAI Global - ISO 27001:2005 are amongst other high level accreditations that combine to establish Macquarie Telecom as being recognised as Australia's most highly security accredited datacentre.

McAfee Secure & PCI Compliance Scan Results for e-Path

The above graphic is an actual screen capture of part of e-Path's McAfee™ PCI DSS auditing program control panel

Asymmetric cryptography (encryption - decryption):

e-Path uses powerful cryptography to further encrypt the payment data entered by the customer. 2,048 bit RSA encryption is a patented algorithm and recognised by Visa, Master Card, American Express and Diners Club as an approved encryption type. With e-Path there are multiple instances of this which all occur on top of and in addition to the SSL encryption that exists to protect the live connection between cardholder and the business owners e-Path gateway system.

According to Qualys CEO Philippe Courtot: "The challenge with encryption is that older payment systems were not built to support the scrambling technology... Encryption is the ultimate measure of security.." From:

http://news.zdnet.com/2100-1009_22-6072594.html)

This protects data during the transporting stage, directly from you the cardholder to the official bank approved merchant account owner.

Here is a example of how a credit card looks when it is encrypted by e-Path. This data is utterly useless to anyone other than the specific merchant it has been encrypted for in the first place ...

Az3jASSVoqHNAKg4bvopr9wjDtdsCT1UTEYBbwAAVc5TvVIuNt7gI830aafGgcfkF
80qAS4Gi7PbKuBhcE7JEx1aSLIxq2jJ2pD0dd2jzznYnxrX6uULu+ec5dsdcRBXVL
WEKPzeKu6htRV9D4U0/lWzgnJEcfp0+tkzS3ntdCfFZnNNABo/d2OAPmjfe9jMDrJqf
u50uEOXkjG2fFn6MFQxvz4jpj7fieo93nZn26J8wOtuDqFcqM9woj5ccBYH63k/ueR8
SD7GZwvfdDJqYmcvrMqRIP0ZmZNdQ9mzRsgjnL9/r9qCt58eg1mgSayGPESd+9
QZp7B6XPpUBybGF4JOF0sOK/CGbZPIrs9/5uOxPx49g1CG2rbjfkkETCUUUScW
PUNNFSTdU9vQlYvtZWCrtn7XRwZQ7clC+vyMhr6XdLATwGE/lsGlNuB97hSV3CJzU
5zaVzP0Skwz0LNhJMJDGNifabjwVQjrj5CPYJhBov8MfCx4VHlekJ+seVn7utPLNk/f2
C6cLVbiXvBmbKlndDeijtn3bi7VU+CkKitmOhOewhlGak6yrLGXEJq33bXyfKyB/A
bYN/3zxqQ4eDERs1Ur4KbOXQ51qImXrTHXntJprGvC8pokl4soPCgGZPM9uEgoqx
vfO0wrwOP6E6gK4htSvZVLVihh80Kmqf2sZXecPfTDZ6ZGrde2/rqw4+tjV++BKa+
c4DP8KtJMkyxK2wSrN7Nooi689trshrQ1Pgq1yVGnKdm/xHr/6sRHvJLfR+KHygfaLr
3xytPX8skkoyU9zf255QvVm5cxrXaDhshsjKVwWlpNbr8VJw55XgjAME0jcQeouXZI
UMVHt4RVIPongqI4ixjqkDqBkIb7qbB3qwdMLMcF6jvULQwGr4JA86wgxgzILHeS3
jdkuri78s8839jkdmmfku59384j&9wksm))kdolem2ui+Nhfu4SEldOkdnka/xon+u8
Ii/TxMDqbc86Lzm94nklenswkxF8=
=tOdt

You may be interested to learn the above is a true example, it is the actual credit card belonging to e-Path's founder. It remains totally and absolutely secure despite is being publicly viewable on this website since 2007. A bold but very effective demonstration of the strength of the encryption used by e-Path.

Once an individual gateway system has been set up for an online business owner they become the only party in the world capable of decrypting card data encrypted on their unique gateway.

What They Say ...

"[e-Path] An ingenuous lateral approach with the potential to ease the pressure on the credit industry as they continue the struggle to close security vulnerabilities with card based live transactions over the internet."
David Taylor - Commerce Tomorrow (Monthly Publication)

"Watch e-Path. The disturbing question is why has it taken so long for a model like this to appear?"
William J Newbury - Financial Reviews, Epay World

"[e-Path] A new method bred to P.C.I. standards ... sacrifices the convenience of instant internet based transaction processing for the sake of improved security. Granted, they [e-Path] do this well but I for one will not be going to a manual system."
Claire McKinley - Enterprise Commercial Quarterly

"We all know high strength 2,048 bit asymmetric cryptography is unbreakable. What is unique is how they [e-Path] have designed their relatively simple non-processing online credit card payment service around it. Clever."
'Professor Byte' - Willmington e-Commerce Advisory Committee

"This [e-Path] new direction gives online businesses the ability to seize control of their transaction processes for the purpose of reducing their own direct exposure to risk .... I can see how this would work well .... a safer system offering reduced risk would give banks prime leverage to target their merchant services to the lucrative entry level virtual business market with renewed vigor."
S. Johnston Jnr - Smith, Johnston and Boverich. Strategic Financials.

"You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet. E-Path delivers what is shaping up to be an almost annoyingly commonsensical solution to the problem of internet based credit card data security."
Damien Croft - CEO, ComCron

"The challenge with encryption is that older payment systems were not built to support the scrambling technology ... Encryption is the ultimate measure of security.."
Qualys CEO Philippe Courtot
From: http://news.zdnet.com/2100-1009_22-6072594.html

"This new manual gateway from the Australia company, e-Path Pty Ltd, will only appeal to those likely to be doing small numbers of transactions per day and as such can not be considered a mainstream alternative to current live online processors. Going manual means reduced productivity for most businesses. But talk security and I concede e-Path has raised the bar to a very impressive height, no doubt about that."
Samantha Goldburg - The Online Merchant

"What rock has e-Path been hiding under?"
Tracey Ward - The Business Family

"Their non-permanent storage of credit card data nails a previously unattainable goal for online card handlers ... a major achievement that should delight the card provider companies .... you will be hard pressed finding a safer method."
Simon Metcalf - ComZone UK

"Businesses have been cursing the cost of fraud ever since we were able to process payments online. E-Path looks like the first genuine attempt by a payment gateway to improve security by actual design .... even though it is a manual process their approach is quite ingenious .... should help arrest the problem of businesses being unduly vulnerable to financial loss caused by online credit card fraud."
Mary Merrywhether - Article 'Risks in Business'

"A proper payment gateway processor, no. An easier and safer solution for the smaller e-merchant, quite possibly."
Max Minyarno - Financial Services Manager

"E-Path is no big deal. They have simply identified what causes risk and gone about eliminating it. Bright sparks change the world for the better all the time, like I said, no big deal."
Shane Williams - MacSpeak 2007.

"What a first class little service. Why would people still run the risk of fines by accepting credit card payments online by insecure methods, like email, when doing it right is now so affordable."
Jamie Bradley - Editor, Smart Talk

"I can't see much point in this new [e-Path] service. Where's the automation? OK, so its good news in the security department, a bit cheaper and easier to handle but having to makes charges manually offline is not going to have everyone rushing to change their gateway. It will suit some but certainly not the majority. Nice idea, but not for me."
Trevor - ZNet feedback

"A small company that has achieved something real here .... they understate the contribution I can see them having on making the internet safer and less costly for online businesses."
Joe Briggins - Social media enthusiast specialising in Internet and computer security

"Just my 2c worth. I did this like a year ago. I use e-path. For a full year I have not recorded one single fraud transaction into my merchant account because I can SEE AND IDENTIFY them when I receive them. I can offer my customers the best security there is because none of their credit card details are permanently stored on the world wide web. And to top it off it is cheap and makes me totally PCI compliant without me having to do anything to my site or my hosting. It is an awesome service and I will never go back to the 'dark ages' of Russian roulette with an expensive real time gateway and all those charge backs. No way man.."
'TrueBlue' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk

"As everyone scrambles to dig deep into their wallets to become PCI DSS compliant, e-Path has the answer neatly wrapped up in a single package where you don't have to dig so deep."
David Knight - Australian e-commerce industry observer

"Doing things manually gives a huge advantage in stopping credit card fraud ... The average business is fed up with money being taken out of their account [by their bank] because the automatic online charge done last month through their real time gateway now suddenly turns out was a fraudulent one. I think doing things manually has some real advantages."
'John' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk