You Are Paying Safely On The Internet

The website you have just come from utilises the e-Path credit card payment gateway to accept credit card charge authorisations from its online customers.

When paying by credit card online via e-Path you are utilising a new generation payment gateway engineered from the ground up to remove much of the vulnerability and risk that has plagued the online e-commerce industry since it first started.

Quite possibly your credit card details have never before been so secure.

Here is exactly why and how e-Path finally changes things for the better for ....

You, The Cardholder

The Business Owner

Banks (merchant accts.)

Credit Card Vendors



	It is estimated that near 75% of the worlds credit card fraud can be either directly or indirectly traced back to credit card details being compromised (hacked into, stolen, copied) when permanently stored in databases on web servers or within similar internet accessible permanent storage devices. Although card data security is improving, this risk still very much exists. Subsequently, hundreds of millions of dollars are spent each and every year in the continuing struggle to protect permanently stored credit card details from 'hackers' and 'cyber criminals' on the internet. To the heartbreak of cardholders and online businesses, hackers and cyber criminals still sometimes manage to breach security defences and get in, here is just one example: ZDNet Australia, CNN Money, msnbc. Despite the known and recognised risks the practice of permanently storing credit card details on webservers, databases and in internet accessible devices remains a fundamental action of mostly all third party payment gateway processors. They can't do much about it because that's the way the system was designed all those years ago and is how the system operates still to this day. But the new e-Path gateway is different. e-Path has been engineered to remove the need to permanently store credit card details by the gateway and subsequently is the first payment gateway of its type in the world to terminate, by design, the core reason why card data potentially becomes available to 'hackers' and 'cyber criminals' in the very first instance. When you pay by credit card online using e-Path, not a single snippet of your highly private and sensitive credit card details, or any other details for that matter, will be permanently stored online. No names, no credit card numbers, no expiry dates, nothing. Once the business owner is in receipt of your credit card charge authorisation as far as e-Path and the internet is concerned it is as if that payment never occurred in the first place. In the words of Damien Croft CEO ComCron *'' You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet.''* For the first time you as the cardholder can now pay by credit card online using a secure payment gateway where your private credit card details are not going to be permanently stored by the gateway on the internet or in some internet accessible storage device or database somewhere. When credit card data is not permanently stored online or in any internet accessible device anywhere then it can't possibly be stolen from there. 'Hackers' and 'cyber criminals' can't thieve something that doesn't exist!!! The business owner whose website you've just come from is clearly very serious about security. Their decision to utilise the e-Path credit card payment gateway is evidence they are not prepared to compromise when it comes to protecting their online customers. As a business owner accepting credit cards online with e-Path means their private merchant account at their bank is kept well away from the vulnerabilities of being open to everyone on the internet. With the typical third party 'real time' payment processor gateways anyone anywhere can enter any credit card they like and it will be communicated directly with the business owner's merchant account, even without the business owner knowing. That's what 'live' online transactions are. This open direct access into the private merchant account of the business owner by anyone connected to the world wide web is one of the core reasons why fraud can be so effortlessly perpetrated online. With e-Path this vulnerability no longer exists. With e-Path anonymous individuals are denied direct access to the business owners merchant account because the merchant account is no longer sitting open and accessible on the internet. The closing off of this vulnerability represents a tangible step forward in improving the security dynamics of online ecommerce activity and management for the business owner. e-Path finally puts the online business owner where they need to be ... in total control of their own merchant account at their bank and what credit card payments they accept and don't accept. When a bank provides a business owner with a manual merchant account facility to enable that business owner to charge credit card payments received online through e-Path, the banks exposure to direct risk can be greatly reduced than when compared to if it were supplying an internet based merchant account facility connected up to a third party real time payment processing type gateway. While card not present transactions are still considered a high risk transaction type, the fact is a manual merchant account will never allow anonymous online individuals to directly and automatically transact a stolen credit card live into it, the ability of which is said to be one of the main reasons why fraud still seems to be so effortlessly perpetrated online today. With the current third party 'real time' processing gateway/internet based merchant account system anyone anywhere can anonymously enter any credit card they like online for it to be communicated live directly with the merchant account of a business owner without the business owner even knowing. It can be well argued that the third party gateway online processing system's actual design has inadvertently created the perfect made-to-measure tool for fraudsters and cyber criminals to facilitate their illegal activities on the internet in the first place. To counter this, anti-fraud screening services such as 3-D Secure™, Verified By Visa™, Master Card Secure Code™ etc., can be deployed to defend against this open vulnerability. Each are highly potent and powerful automated fraud screening systems that are continually being improved upon. But circumstances need to be right for them to be effective. There is a crippling $600 million fraud cost (and growing) each year that more than suggests automated fraud screening systems have a little way to go before they can unequivocally guarantee 100% protection for the online business owner against falling victim to fraudsters instantly transacting stolen credit cards into a live gateway and thus directly into the merchant account of the online business owner. However, when e-Path is the gateway, for the first time banks can now provide a manual merchant account service to transact credit cards received online where only the legitimate bank approved merchant account owner is the only one performing the charge into the merchant account. The merchant account facility is not being left open and accessible to the entire population on the internet and will not allow anonymous individuals to transact any credit card they like into it live on the net - this risk is completely eliminated when a manual merchant account is used. Therefore, overall exposure to direct risk for both the business owner and the bank itself is greatly reduced. The end result of this is not only substantial potential cost savings for both the online business owner and the bank itself but also they both are making a tangible overall contribution towards reducing online credit card fraud. Fraudsters and cyber criminals suddenly no longer have the means to anonymously transact stolen credit cards 'live' on the net and get the live transaction response they look for. This wide open door is shut permanently closed when e-Path is the gateway and a manual merchant account is the merchant account facility. The bank will also be aware that with a manual merchant account the business owner now has the opportunity to check highly pertinent details about the buyer and order prior to deciding to charge the card. This means the business owner has the chance to identify and terminate any fraudulent payment attempts prior to them doing any harm - again, something that is not possible when accepting credit cards 'live' on the net via a third party 'real time' processing gateway system connected to an internet only based merchant account facility. The fact that banks can now supply merchant account facilities that will only allow approved merchant account owner access as opposed to allowing full and open anonymous access from anyone anywhere on the entire internet represents a benchmark tightening-up of a core venerability that banks have always previously had to deal with, and factor in the cost of, when providing merchant account facilities for accepting credit cards online. Recently 40 million credit cards were stolen from a third party payment gateway processor, see - ZDNet Australia, CNN Money, msnbc. The cost incurred by card vendors to replace and reissue a credit card is around $10.00. That's a 400 million dollar cost just on re-issuing those 40 million credit cards, not even taking into account the terrible cost of the fraud that was involved. Yet, had e-Path been the credit card payment gateway not a single credit card would have been permanently stored anywhere online in the first place, therefore, not a single credit card could have possibly been stolen. You can't thieve something that doesn't exist. We do not want to infer or imply card vendors have a particular attitude or view towards the new e-Path service one way of the other, however, we can safely assume there would have been some serious 'back patting' had they been saved from having to spend 400 million dollars, not to mention the enormous cost that also could have been saved that was incurred by every business around the world that supplied products or services purchased with those stolen credit cards.

Secure Technologies you Can Trust

e-Path comprises of many technologies, some well established and others very new, that all combine to provide a uniquely powerful and secure system that is at the forefront of a new era in secure online e-commerce. These include ...

Full strength SSL protects the connection between you and the business owners e-Path payment gateway. It is not possible for internet communication to occur with any e-Path payment gateway without the full protection of SSL being present. If you do not have an SSL capable browser you will not be able to communicate with the secure e-Path system.

e-Path utilises THAWTE SSL. THAWTE is recognised as a world leader in SSL. You can confirm the existence of the THAWTE SSL in two ways ...

1.

Quite independently from e-Path, your browser will confirm the secure e-Path gateway page is under SSL protection by a small padlock icon appearing bottom right of your browser window. Some newer browsers have this within their address bar.

THAWTE SSL can be confirmed with one click

At the top of all secure e-Path gateway pages you can click on the THAWTE graphic to verify directly with THAWTE the validity of the e-Path THAWTE SSL. This is independent of e-Path.

e-Path, PCI DSS Compliance and McAfee™

e-Path utilises the Payment Card Industry Security Standards Council approved and compliant McAfee™ PCI DSS (Payment Card Industry Data Security Standards) program. McAfee™ is a PCI Approved Scanning Vendor (ASV).

McAfee™ is best known for their HACKER SAFE trust mark and is a world leading provider of webserver security services including card vendor PCI (Payment Card Industry) compliance services.

The McAfee™ PCI Compliance program meets the requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS, DiscoverCard and JCB.

McAfee™ performs complex security and vulnerability scanning on an almost continual basis and provides e-Path with concise information on the continued security and PCI DSS compliance status of our secure server.

The 'device' is the secure server used to exclusively perform the e-Path secure credit card payment gateway service on the internet.

Maintaining daily PCI DSS compliance is critical to e-Path and McAfee™ assists us in this process.

HackerSafe & PCI Compliance Scan Results for e-Path

Above: The above graphic is an actual screen capture of part of a McAfee™ report on the security status of the secure e-Path gateway server (device).

Asymmetric Cryptography (Encryption - Decryption):

e-Path uses extraordinarily powerful encryption to further encrypt the payment data entered. 2,048 bit RSA encryption is a patented algorithm and recognised by Visa, Master Card, American Express, Diners Club and JCB as an approved encryption type. With e-Path this occurs on top of and in addition to the SSL encryption that exists to protect the live connection between you and the merchants e-Path payment gateway.

It is our understanding that e-Path is one of only two credit card payment gateways in the world today that deploy individual asymmetrical cryptographic security on a per gateway basis. This means there are entirely unique encryption/decryption systems established for each and every e-Path gateway - every individual gateway is different with its own asymmetric system.

According to Qualys CEO Philippe Courtot: 'The challenge with encryption is that older payment systems were not built to support the scrambling technology... Encryption is the ultimate measure of security..'
(From: http://news.zdnet.com/2100-1009_22-6072594.html)

Here is a example of how a credit card looks when it is encrypted by e-Path. This data is utterly useless to anyone other than the specific merchant it has been encrypted for in the first place ...

Az3jASSVoqHNAKg4bvopr9wjDtdsCT1UTEYBbwAAVc5TvVIuNt7gI830aafGgcfkF
80qAS4Gi7PbKuBhcE7JEx1aSLIxq2jJ2pD0dd2jzznYnxrX6uULu+ec5dsdcRBXVL
WEKPzeKu6htRV9D4U0/lWzgnJEcfp0+tkzS3ntdCfFZnNNABo/d2OAPmjfe9jMDrJqf
u50uEOXkjG2fFn6MFQxvz4jpj7fieo93nZn26J8wOtuDqFcqM9woj5ccBYH63k/ueR8
SD7GZwvfdDJqYmcvrMqRIP0ZmZNdQ9mzRsgjnL9/r9qCt58eg1mgSayGPESd+9
QZp7B6XPpUBybGF4JOF0sOK/CGbZPIrs9/5uOxPx49g1CG2rbjfkkETCUUUScW
PUNNFSTdU9vQlYvtZWCrtn7XRwZQ7clC+vyMhr6XdLATwGE/lsGlNuB97hSV3CJzU
5zaVzP0Skwz0LNhJMJDGNifabjwVQjrj5CPYJhBov8MfCx4VHlekJ+seVn7utPLNk/f2
C6cLVbiXvBmbKlndDeijtn3bi7VU+CkKitmOhOewhlGak6yrLGXEJq33bXyfKyB/A
bYN/3zxqQ4eDERs1Ur4KbOXQ51qImXrTHXntJprGvC8pokl4soPCgGZPM9uEgoqx
vfO0wrwOP6E6gK4htSvZVLVihh80Kmqf2sZXecPfTDZ6ZGrde2/rqw4+tjV++BKa+
c4DP8KtJMkyxK2wSrN7Nooi689trshrQ1Pgq1yVGnKdm/xHr/6sRHvJLfR+KHygfaLr
3xytPX8skkoyU9zf255QvVm5cxrXaDhshsjKVwWlpNbr8VJw55XgjAME0jcQeouXZI
UMVHt4RVIPongqI4ixjqkDqBkIb7qbB3qwdMLMcF6jvULQwGr4JA86wgxgzILHeS3
jdkuri78s8839jkdmmfku59384j&9wksm))kdolem2ui+Nhfu4SEldOkdnka/xon+u8
Ii/TxMDqbc86Lzm94nklenswkxF8=
=tOdt

You may be interested to learn the above is a true example, it is the actual credit card belonging to e-Path's founder. It remains totally and absolutely secure despite is being publicly viewable on this website since 2007. A bold but very effective demonstration of the strength of the encryption used by e-Path.

Once an individual gateway system has been set up for an online business owner they become the only party in the world capable of decrypting card data encrypted on their unique gateway.

What They Say ...

"[e-Path] An ingenuous lateral approach with the potential to ease the pressure on the credit industry as they continue the struggle to close security vulnerabilities with card based live transactions over the internet."
David Taylor - Commerce Tomorrow (Monthly Publication)

"Watch e-Path. The disturbing question is why has it taken so long for a model like this to appear?"
William J Newbury - Financial Reviews, Epay World

"I am not an expert in ecommerce but I know digital credit card information is stored encrypted by online credit card processing corporations (according to Visa/Master Card/American Express/JCB/PCISSC), and this represents a pot-of-gold target for the criminal community which, for reasons that demonstrate the need for firm action that finally works, is still delivering them amazing financial rewards .... When there is no secret or confidential digital data permanently stored then cyber crime itself is nullified. What I find impressive is how radically logical and completely fool proof that strategy is. What seems strange is I can not find any other credit card payment processor that does this, not here in the U.S. nor anywhere else. Australia seems to be the first country actively offering this new security strategy in their ecommerce."
Chad - Contributing comment on Security & Fraud Prevention - e-Commerce Talk

"[e-Path] A new method bred to P.C.I. standards ... sacrifices the convenience of instant internet based transaction processing for the sake of improved security. Granted, they [e-Path] do this well but I for one will not be going to a manual system."
Claire McKinley - Enterprise Commercial Quarterly

"Payment gateway processor 'hacked' ... potentially 100 million credit card details stolen ... There is hope though, and this comes from the initiative of companies that step outside the square to hard-terminate the vulnerabilities that lead to fraud. Perhaps the best example I can think of is the new PCI compliant e-Path manual credit card payment gateway. e-Path is a courageous complete re-design of the gateway system where credit card data is no longer permanently stored online anywhere by the gateway - hard to believe but true and its sending 'wake-up' shock waves throughout the industry at the moment."
'Nightrider' - Contributing comment on Security & Fraud Prevention - e-Commerce Talk

"We all know high strength 2,048 bit asymmetric cryptography is unbreakable. What is unique is how they [e-Path] have designed their relatively simple non-processing online credit card payment service around it. Clever."
'Professor Byte' - Willmington e-Commerce Advisory Committee

"This [e-Path] new direction gives online businesses the ability to seize control of their transaction processes for the purpose of reducing their own direct exposure to risk .... I can see how this would work well .... a safer system offering reduced risk would give banks prime leverage to target their merchant services to the lucrative entry level virtual business market with renewed vigor."
S. Johnston Jnr - Smith, Johnston and Boverich. Strategic Financials.

"You simply can not get a better way to protect credit card information on the internet than for it not to exist on the internet. E-Path delivers what is shaping up to be an almost annoyingly commonsensical solution to the problem of internet based credit card data security."
Damien Croft - CEO, ComCron

"The challenge with encryption is that older payment systems were not built to support the scrambling technology ... Encryption is the ultimate measure of security.."
Qualys CEO Philippe Courtot
From: http://news.zdnet.com/2100-1009_22-6072594.html

"This new manual gateway from the Australia company, e-Path Pty Ltd, will only appeal to those likely to be doing small numbers of transactions per day and as such can not be considered a mainstream alternative to current live online processors .... the market for this type of online/offline service is small. But talk security and e-Path has raised the bar to a very impressive height, no dounbt about that."
Samantha Goldburg - The Online Merchant

"What rock has e-Path been hiding under?" Tracey Ward - The Business Family

"Their non-permanent storage of credit card data nails a previously unattainable goal for online card handlers ... a major achievement that should delight the card provider companies .... you will be hard pressed finding a safer method."
Simon Metcalf - ComZone UK

"We are talking about protecting credit card information aren't we? Their [e-Path] security looks like something you would expect to see safeguarding launch codes for strategic missile launch and not Joe's credit card when he purchases his latest subscription of 'Home Gardening' magazine online. All a bit over the top for my liking but maybe that's what's needed now."
Nigel Tonks

"The issue with online processing is it was never thought through properly. For the sake of allowing credit cards to be accepted as quickly as possible from this new phenomenon called of the internet, policy makers made allowances and cut corners. Businesses have been cursing the cost of fraud ever since. E-Path looks like the first genuine attempt by a payment gateway to improve security by actual design .... even though it is a manual process their approach is quite ingenious .... should help arrest the problem of businesses being unduly vulnerable to financial loss caused by online credit card fraud."
Mary Merrywhether - Article 'Risks in Business'

"Just what the small business operator needs to get happening on the 'net securely without the usual heavy overhead. The only draw back I can see is it reverts back to manual processing but as they point out this also can bring advantages, specifically in the area of security."
Tony Jenkins

"A proper payment gateway processor, no. An easier and safer solution for the smaller e-merchant, quite possibly."
Max Minyarno - Financial Services Manager

"E-Path is no big deal. They have simply identified what causes risk and gone about eliminating it. Bright sparks change the world for the better all the time, like I said, no big deal."
Shane Williams - MacSpeak 2007.

"What a first class little service. Why would people still run the risk of fines by accepting credit card payments online by insecure methods, like email, when doing it right is now so affordable."
Jamie Bradley - Editor, Smart Talk

"I can't see much point in this new [e-Path] service. Where's the automation? OK, so its good news in the security department, a bit cheaper and easier to handle but having to makes charges manually offline is not going to have everyone rushing to change their gateway. It will suit some but certainly not the majority. Nice idea, but not for me."
Trevor - ZNet feedback

"A small company that has achieved something real here .... they understate the contribution I can see them having on making the internet safer and less costly for online businesses."
Joe Briggins - Social media enthusiast specialising in Internet and computer security

"Just my 2c worth. I did this like a year ago. I use e-path. For a full year I have not recorded one single fraud transaction into my merchant account because I can SEE AND IDENTIFY them when I receive them. I can offer my customers the best security there is because none of their credit card details are permanently stored on the world wide web. And to top it off it is cheap and makes me totally PCI compliant without me having to do anything to my site or my hosting. It is an awesome service and I will never go back to the 'dark ages' of Russian roulette with an expensive real time gateway and all those charge backs. No way man.."
'TrueBlue' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk

"As everyone scrambles to dig deep into their wallets to become PCI DSS compliant, e-Path has the answer neatly wrapped up in a single package where you don't have to dig so deep."
David Knight - Australian e-commerce industry observer

"Doing things manually gives a huge advantage in stopping credit card fraud ... The average business is fed up with money being taken out of their account [by their bank] because the automatic online charge done last month through their real time gateway now suddenly turns out was a fraudulent one. I think doing things manually has some real advantages."
'John' - Contributing comment on Payment Gateways & Merchant Accounts - e-Commerce Talk