COMPLIANCE POLICIES

Whistleblowing Policy – The Epic Whistleblowing Policy sets out guidance on how Epic Lanka employees can raise concerns about malpractice or wrongdoing at work. It aims to encourage openness so that concerns can be raised internally without fear of repercussions to the employee.

Code of Business Conduct and Ethics – The Code of Business Conduct and Ethics sets out Epic Lanka’s commitment to conducting its business ethically, as well as the ethical standards of conduct expected of Epic Lanka’s employees and directors.

Recruitment Policy – This policy sets out Epic Lanka’s recruitment policy, including conducting right-to-work eligibility checks for all employees in order to safeguard against human trafficking or forced labor. We conduct job rotations so that no employee is restricted to one particular assignment for a long period of time.

Modern Slavery Act Statement – This statement is made with reference to s.54 of the Modern Slavery Act 2015 (“Modern Slavery Act”). It sets out the steps that Epic Lanka, for itself and its affiliated entities, has taken, and continues to take, to ensure that modern slavery, including human trafficking, child labor, workplace abuse and domestic servitude (“Modern Slavery”), is not taking place within our supply chain or business.

Supplier Guidelines – The Supplier Guidelines set out the standards and practices that our suppliers are required to uphold in the areas of human rights, labor, environment and business ethics.

The Payment Application Data Security Standard (PA-DSS)

PA-DSS, formerly referred to as the Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC).[1] PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2, or PIN. To that end, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS), latest version 3.2.

EPIC MPOS

Having analyzed the current inefficiencies in various POS payment systems, EPIC has designed its proprietary MPOS Merchant Acquiring Platform with the EPIC MPOS Solution. It is a new platform that enables acquirers to quickly provide smartphone-driven Magnetic Stripe and Chip Card payment solutions to small and medium-sized merchants.

With the MPOS Solution, a merchant’s smartphone is transformed into a secure point-of-sale device by pairing it with a PCI PTS certified Card Reader which meets industry security standards. The Card Reader connects to the smartphone or tablet via Bluetooth and enables merchants to accept both Magnetic Stripe and Chip Cards using a secure Mobile Application, available on the Android mobile operating platform, which can be downloaded through the Google Play Store. The unique design and security architecture of the Mobile Application delivers 1st level point-to-point data encryption, and all transaction-related security keys are stored in a Secure Area of the smartphone and Card Reader devices, which is 100% secure and inaccessible to unauthorized entities. The solution can capture customer signatures after authorization, and the digital receipt for a completed transaction can be sent via SMS.

Transactions initiated from the merchant’s smartphone are first received by an SSL Server deployed at the Client premises. Subsequently, the transaction is routed to the MPOS Switch, which performs all transaction verifications and forwards it to the Card Host for authorization. The MPOS Switch also stores transaction details in accordance with PA-DSS standards and operates as a centralized repository for Digital Receipts. The Solution delivers the full spectrum of POS transactions as outlined below, while carrying no limitations in MPOS service facilitation:
  • Sale
  • Void
  • Transaction History
  • Reversal
  • Settlement
  • PIN Change
  • Signature Uploading

EPIC ACS

The EPIC Access Control Server (ACS) is a highly scalable, proven authentication solution residing within the Issuer domain, which provides real-time cardholder authentication during the online shopping process. It offers central management of the authentication process for 3-D Secure scenarios, providing all parties with a level of assurance similar to what is experienced in ‘card present’ transactions. EPIC ACS can interface with Directory Servers from interchanges, Authentication History Servers, the Bank Card Host, OTP Solutions, and SMS/Email Servers. It is compatible with all generic browsers, such as Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera and Apple Safari. The set of key functionalities performed by ACS is elaborated below:
  • Generate and send Payer Authentication Response (PARes) to MPI which affirms or denies the validity of the match between the ACS record and the cardholder’s input, including some authentication data required to build a 3-D Secure authorization request such as the reference values generated to validate the integrity of the transaction data.

EPIC TLE

EPIC Terminal Line Encryption (TLE) Solution is a highly secure communication channel encryption solution that offers increased security from the EDC/POS Terminal to the Bank’s Acquirer Host when transferring payment transaction data online. The strength of this solution lies in its use of proven, industry-standard and cutting-edge technologies to encrypt all the sensitive data fields in the transaction data packet.

EPIC TLE Solution is geared to protect online transactions from all kinds of vulnerabilities and threats that originate from unsecured communication channels between the EDC/POS Terminal and the Acquirer Host. It is an extension to the existing electronic transaction processing systems of banks. EPIC TLE Solution comprehensively protects card users, acquirers and issuers from all types of commonly known threats and vulnerabilities, such as Eavesdropping, Ghost Terminals, Host Spoofing, Line/Wire Tapping and Replay Attacks. The continuous R&D investments by EPIC will ensure timely and proactive upgrades to EPIC TLE, preventing possible new attacks in the future too.

Implementation of EPIC TLE is easy and fast since it does not demand major changes, additions or upgrades to the existing payment infrastructure. It works as a plug-and-play system with simple integration into the existing payment infrastructure. EPIC TLE provides a Line Encryption Server that facilitates the encryption and decryption of the transaction data packets, and a Protect Server Gold HSM to support automated secure key generation and key injection processes. From an administrative perspective, a comprehensive Web-based Application offers users greater flexibility and convenience in managing different functions and operations. The solution comprises the following components:
  • TLE Server
  • Front-end Application
  • Hardware Security Module
  • TLE Web Application