Saturday, January 16, 2010

Seize back control of your online business

As any astute online business owner will tell you, control is fundamental to management.

Nobody would think to operate a business without having control over it.

Yet when you accept credit cards online through the current real-time payment gateway model, you hand one of your most critical decisions over to a third-party system.

When card payments are accepted and processed 'live' online, it is the third-party payment gateway that decides which orders and which cards your business accepts and charges, and it does so without the business owner even knowing about it.

Automation is a wonderful thing, but the fact is you are blind to the process and have no control over it.

Instantly attempting to process any card entered by any anonymous person on the open internet, 24 hours a day, is the real-time 'live' gateway's function. That is how it has been designed, and that is what you are paying good money for it to do.

But, what happens when it fails?

What happens if you end up with financial loss because they transacted a fraudulent payment?

You only have to look at the growing 'card-not-present' fraud statistics to see that this is becoming an increasingly serious risk for every online business owner. In fact, nearly all online card fraud, which in turn accounts for the majority of all card fraud, is committed through this very system.

Somehow the online payment processing system is happy to be in control of the decision to charge your customer's card or not, but if it gets that decision wrong, have a guess what the end result is ...

It's your fault!

You are the one who has to bear the financial loss and the dreaded chargeback fees that may result.

For those within the online payment gateway industry this is of course perfectly normal practice. In fact, some may think it downright troublesome of me to bring this strange anomaly to light; after all, this is the way it has always been since e-commerce began, and this is how it is done to this very day.

Well, irrespective of whether we all think that practice is grossly unfair or not, I'm here to tell you that it no longer has to be that way.

The e-Path manual credit card payment gateway puts an immediate end to the potentially devastating 'Russian roulette' nature of accepting cards online, where you as the business owner have no control over which card payments your own business accepts.

With e-Path it is the business owner who controls which online orders are accepted and which card payments are charged through their own merchant account facility. In short, you win back control over your business.

So e-Path is not only a less expensive and more secure system; it is also ideal for those who want to accept credit cards online but do not want orders and payments to be accepted and charged automatically without their knowledge.

Your merchant account and the terminal or interface your bank supplies for it will of course still carry all the fraud screening mechanisms and safeguards the card schemes require, but with e-Path this is IN ADDITION to you being in full control over what does and does not get entered into your merchant account in the first place. So you enjoy the best of both worlds. One point worth being clear about: in a card-not-present transaction the chargeback liability still rests with the merchant; what changes with a manual gateway is that the merchant, not the gateway, makes the decision about which orders to charge.

Seize back control of what orders and payments are accepted online and save a considerable amount of money along the way.

... just a thought
----------------------------------------
Peter Thwaites
E-PATH CREDIT CARD PAYMENT GATEWAY

Wednesday, January 13, 2010

Is CDU Compliance the future of ecommerce?

By the end of today's rather lengthy rambling you will have a clear understanding of exactly how the vast majority of the world's credit card fraud could be brought to an end.

Not quite the same thing as disclosing the cure for cancer, but considering credit card fraud is often called the electronic cancer of our age, perhaps pretty close.

Now, it would only be normal for anyone reading this far to be highly sceptical. After all, if the most advanced technology and near-limitless money cannot stop fraud, how could there possibly be a fool-proof solution?

Well, there most certainly is. Ending the overwhelming majority of the world's credit card fraud is absolutely possible.

It's called CDU (Critical Data Unplugged) Compliance.

Have a read of that section and you will end up with knowledge that has either completely eluded the multi-billion dollar online payment processing industry or is being quietly ignored by choice.

But first, an important point: CDU (Critical Data Unplugged) is not yet an official data security standard. It is not enforceable by any established authority.

CDU is one of those rare initiatives powered almost entirely by people: ordinary people and ordinary business owners who can no longer tolerate the hardship, pain and financial loss that credit card fraud inflicts on innocent people and businesses all over the world.

And like most things powered by people it has a startling momentum all of its own.

As far as I understand, the raw CDU initiative actually originated in police and law enforcement advice to the public and to business communities on how to guarantee total protection for all forms of critically sensitive information in an internet-connected world, not just credit card and identity data.

And police and law enforcement authorities don't mess around. Keeping people safe and secure is their purpose; they are not motivated by what does or does not make money.

You can't ignore facts
There will perhaps always be card skimming scams (or similar), and wallets and purses being stolen, but in reality the fraud derived from these methods accounts for less than 2% of credit card fraud today. Some compilers of statistics suggest much less, some more; an accurate figure is very difficult to come by.

But by far the real issue is internet borne activity.

It is reported that nearly 90% of the world's stolen credit card and identity data (a figure that could rise once the recent Heartland Payment Systems processor breach is taken into account) can be traced back to that data being compromised (hacked, copied, stolen, etc.) while permanently stored online: within payment gateway systems, on e-commerce websites, on networks, on storage devices or on other internet-connected systems.

Real-time card payment processors have the unenviable reputation of being 'where it's at' for hackers, cyber criminals and online criminal syndicates. With the possibility of huge numbers of highly sensitive card details permanently stored within their systems, it's like a red flag to a bull: the perfect made-to-measure pot of gold for online criminals.

The same is true of any website, online storage device or similar system that permanently stores sensitive card and identity data on internet-connected systems.

And to be frank, I find it near impossible to lay the blame for the terrible credit card fraud mess the world is in solely on the criminal element. I believe those who insist that extremely sensitive card and identity data be permanently stored online, and thus put at risk of being compromised or stolen in the first place, are equally responsible.

And here are just a few examples of what can happen ...

See: Possibly 100 Million Credit Cards Compromised
and: Visa Confirms Another Payment Processor Breach
and: 40 Million Credit Cards Hacked

So, what can possibly be done to prevent this? Do cardholders and businesses all need to keep spending more of their own money to fight this insanity? Many organisations and service providers in the business, including the Payment Card Industry Security Standards Council, would perhaps say "yes, spend more of your money".

But the fact is that removing the root cause of why card and identity data becomes available to be stolen in the first place (which is in turn the very reason card fraud can exist) should not cost cardholders and businesses a single cent.

Making e-commerce safe and secure should not require you to dig ever deeper into your own wallet or purse. It should not mean businesses that want to accept credit cards online are driven to the wall by ever-increasing costs, fees and charges.

And dare I further suggest that the card schemes themselves, such as Visa, MasterCard, American Express and Diners Club, could well do without the extra cost of creating and re-issuing a new card every time card data is reported stolen or compromised. At a reported $10.00 per card, this cost burden could plausibly run to many tens of millions of dollars a year.

The answer is CDU Compliance.

The fact is that when critically sensitive data does not exist, it cannot possibly be stolen.

Data cannot be stolen if it does not exist.

And if no card or identity data is stolen or compromised, then card fraud built on that data cannot exist either.

Understanding those fundamental facts, and being bold enough to implement ground-breaking practices, policies and processes based on them, has the potential to turn the dream of a world without credit card fraud into a distinct possibility.

The need to get with the program
For CDU to turn the tide against credit card fraud it will need widespread industry acceptance. Card handling service providers, online payment gateways, confidential data handling organisations and e-commerce enterprises will need to significantly change their approach to security in order to comply with CDU.

e-Path cannot change the world for the better on its own. And here lies the problem.

In the online card payment processing industry alone, if CDU compliance (or something similar) became a required security standard it would perhaps force a complete redesign of the online processing system. It would also render the current system, which stores card data and identity data within its systems, defunct. I can't see the online payment gateway industry allowing this to happen.

When the real-time card payment processing industry is the best represented group of participating organisations within the industry's own security governing body (the Payment Card Industry Security Standards Council), the obvious concern is that any talk of introducing CDU compliance or anything similar would be dismissed at lightning speed.

It therefore follows that there is a very real risk the main thrust of PCI will remain focused on continually battling the symptoms of a vulnerable system rather than on removing the true cause of the vulnerability itself, i.e., on trying to protect permanently stored sensitive data instead of simply disallowing its storage in the first place.

Currently not one single participating organisation of PCI operates to CDU standards.

Not one single participating organisation of PCI is a manual credit card payment gateway like e-Path is.

It's like trying to push the virtues of an electric car back in the 1970s when the governing body is made up of oil company representatives!

Therefore, critically sensitive card and identity data, as well as highly confidential business transaction records, will continue to be permanently stored by online real-time payment processors whether cardholders and businesses like it or not.

Incidentally (and moving off the track a little), this has always astounded me. Let me ask you: when you last paid by credit card online, were you told that your own highly sensitive card details and identity information were about to be permanently stored somewhere within the online payment gateway's systems?

In my opinion the cardholder has an absolute right to know what is going to happen to their own highly sensitive card and identity details. In fact, telling individuals what their personal information is collected for and how it will be handled is a specific requirement of the National Privacy Principles in Australia's Privacy Act 1988.

So, when you last paid online, did the e-commerce website disclose to you that your card and identity data was about to be permanently stored somewhere within its chosen online payment gateway system? Did the real-time payment gateway make any attempt whatsoever to disclose this to you?

In other words, are they complying with Australian privacy law?

e-Path does.

It is a condition of the e-Path service that every e-Path gateway client must include on their site a link to a page that truthfully discloses to the cardholder exactly what is going to happen to their confidential card and identity information.

This is the page: Paying Safely Online With Your Credit Card

When cardholders know what is about to happen to their sensitive card and identity information, they can make up their own minds: take the risk and pay through a real-time online payment processor, or leave that shopping site and head over to one that uses a CDU compliant payment gateway such as e-Path, where they know their confidential card and identity details will never be permanently stored within the gateway's systems.

For cardholders who are concerned about the security of their confidential card and identity details, it's a 'no brainer' in my opinion.

Now back to my original train of thought ...

With highly sensitive card and identity details permanently stored within payment gateway systems, e-commerce websites, online storage devices, internet-connected systems and networks, hackers, cyber criminals and online criminal syndicates will continue to have the perfect environment sitting there ready to target. And the card payment industry itself will have the perfect justification to keep increasing costs, charges and fees, all in the name of staying ahead of security risks and vulnerabilities.

PCI DSS helps but CDU gets the job done
While it is true that the introduction of PCI DSS (the Payment Card Industry Data Security Standard) has made card handling and storage practices much more secure, the fact is that PCI compliance alone cannot, and does not claim to, guarantee 100% protection of card and identity data.
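The distinction the post is drawing is worth seeing concretely. PCI DSS permits a merchant or processor to keep the card number after authorisation provided it is rendered unreadable (masked to at most the first six and last four digits, for example), and it forbids keeping the card verification code at all; the 'store nothing' rule the author calls CDU retains no card data on the internet-connected system once the order has been passed to the merchant. The following added example (illustrative code, not e-Path's, with an assumed order record layout and a constructed sample order using a well-known test card number) shows what each rule leaves behind, plus the Luhn check a merchant would run before bothering to key a card into a terminal manually:

```python
"""Added illustration: what a card-handling system may retain after a payment
under PCI DSS storage rules versus under the 'store nothing' rule the post
calls CDU. Not e-Path code; record layout and field names are assumptions."""
import re


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check used by all major card brands. It is a formatting
    check only: it says nothing about whether the account exists or has funds,
    but it filters out mistyped numbers before anyone is charged."""
    digits = [int(c) for c in pan if c.isdigit()]
    if not 12 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS style masking: at most the first six and last four digits
    remain visible; everything in between is replaced."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("PAN too short to be a card number")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pci_dss_retention(order: dict) -> dict:
    """Fields a PCI DSS scoped system may keep after authorisation.
    The CVV/CVC is sensitive authentication data and must never be stored;
    the PAN may be kept only in unreadable (here: masked) form; the expiry
    date and cardholder name are permitted."""
    return {
        "order_id": order["order_id"],
        "cardholder_name": order["cardholder_name"],
        "pan_masked": mask_pan(order["pan"]),
        "expiry": order["expiry"],
        "amount": order["amount"],
    }


def cdu_retention(order: dict) -> dict:
    """The post's 'Critical Data Unplugged' rule: once the order has been
    handed to the merchant, the internet-connected system keeps no card data
    at all, only what is needed to track the order."""
    return {
        "order_id": order["order_id"],
        "amount": order["amount"],
        "payment_status": "pending_manual_charge",
    }


CARD_FIELDS = {"pan", "cvv", "expiry", "cardholder_name", "pan_masked"}


def retains_card_data(record: dict) -> bool:
    """True if any card-related field survives in a stored record."""
    return any(k in record for k in CARD_FIELDS)


# Constructed sample order. 4111 1111 1111 1111 is a widely published
# Visa test number, not a real card.
SAMPLE_ORDER = {
    "order_id": "A1001",
    "cardholder_name": "J Citizen",
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/12",
    "amount": "49.95",
}

if __name__ == "__main__":
    if luhn_valid(SAMPLE_ORDER["pan"]):
        print("PCI DSS record:", pci_dss_retention(SAMPLE_ORDER))
        print("CDU record:    ", cdu_retention(SAMPLE_ORDER))
```

The point of the comparison: a PCI DSS compliant record still contains card data that a breach can expose (the masked PAN, expiry and name), whereas the 'store nothing' record contains nothing a fraudster can use, which is the whole of the author's argument.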

Here is another fact: the largest card data breach reported at the time, in which tens of millions of card details were stolen, was from a payment processor that had been assessed as PCI compliant ...

See: Massive data breach on PCI compliant gateway

PCI compliance is a huge positive, no doubt about that, but PCI cannot possibly protect against a brand new attack technique that is finished tonight and unleashed onto the internet tomorrow morning.

But CDU does.

Without a major change to the practice of permanently storing highly sensitive card and identity data, we will keep hearing of card and identity data breaches for the foreseeable future.

People and businesses will continue to suffer, and we will continue to be bombarded with warnings about the risk to our private data, invariably accompanied by discreet suggestions that we all spend more money so that we can be "more secure".

Very little, if anything, will change.

Except perhaps for one thing .... people power.

People power can force a more secure ecommerce future
There is a growing groundswell of frustration towards an industry that appears to be doing little more than inventing more complex ways to take more of your money while making it more difficult and more costly for online businesses to accept credit cards. All for the sake of "improving security", of course.

Yet if it wanted to, the industry could make CDU an enforceable security standard and remove at a stroke the root cause of around 90% of all card and identity data theft in the world today, which would also see card fraud dry up to a trickle.

My own personal and rather controversial opinion is that any industry that point-blank refuses to address the root cause of the very vulnerability threatening its own existence is an industry in serious trouble.

Banks - yet to insist on CDU
Surely merchant account providers (banks) would seize on CDU with both hands and insist that their merchants accept credit cards online only through CDU compliant payment gateways.

Unfortunately there is no evidence of that yet.

Even though CDU removes the core reason the overwhelming majority of card and identity data gets stolen in the first place, and would thus have a massive impact on the incidence of card fraud worldwide, the fact is that the third-party payment processing industry is a powerful body. I do not believe it would permit banks to insist on CDU compliance exclusively.

Thankfully, you as the business owner, or you as the cardholder, now have a choice.

You can actively choose to use a CDU compliant payment gateway to accept card payment authorisations from your website, or, as a cardholder, you can choose to pay online only through a CDU compliant payment gateway like e-Path.

CDU is quickly shaping up to be the banner under which ordinary people and security-conscious online business owners can enjoy a level of security that far exceeds what the payment card industry is prepared to provide or support.

CDU practices are being adopted, by choice, by people and businesses willing to move away from permanently storing sensitive data on internet-connected systems, storage devices and networks, in order to give themselves and their customers what is arguably the most effective data protection practice ever proposed.

e-Path is one such company.

But being the first credit card payment gateway of our particular type, designed from the ground up to remove the root causes of risk and operating to CDU ideals, has put us in uncharted waters. Not the most comfortable of positions to be in.

To learn how e-Path came about, see: About e-Path Pty Ltd.

Conclusion
I would like to remind people that e-Path is a manual credit card payment gateway. Charging a card is a manual step performed only by the bank-approved merchant account owner, not triggered by any person on the open internet without the business owner knowing, as is the case with the real-time 'live' gateway model. Therefore e-Path will only suit businesses handling small to medium numbers of transactions per day.

Handling large volumes of online card payments daily remains, for obvious reasons, the domain of the more expensive automated 'live' processing systems.

But by venturing well beyond the established architecture and operating to CDU ideals, e-Path is able to deliver a new way to accept credit cards online that comes closer than ever before to the holy grail of online card data security ...

You cannot steal something that does not exist.

With CDU practices now clearly defined and available to be adopted by any person or business, including the payment processing industry itself (should it so choose), the overwhelming majority of card and identity data theft, and the card fraud that results from it, is no longer something that has to be part of our online world.

From now on it largely exists by choice.

And e-Path is one company that's boldly made the choice for it not to exist any longer.

... just a thought
----------------------------------------
Peter Thwaites
E-PATH CREDIT CARD PAYMENT GATEWAY