Security

Gateway Security

Tokenization

The EpicPay Gateway offers secure tokenization using modern encryption algorithms and a proprietary PCI-certified key management process for all forms of tokenization. Merchants can utilize EpicPay Gateway tokens in place of storing credit card and bank account information in their own database, which greatly simplifies the merchant's scope for PCI compliance and eliminates their potential for a breach of cardholder data.

For guidance on how to use tokenization in the EpicPay Gateway Payment API, please refer to the Tokenization section.

Velocity / Risk Rules

The EpicPay Gateway employs automated statistical analysis on a per-transaction basis to stop fraudulent payments in their tracks. The automated system uses detailed data specific to each merchant's day-to-day business to customize the risk detection system to each merchant. This allows us instantly detect anomalous activity and to respond immediately and effectively.

Fortis Risk Management Team

Fortis employs an in-house risk management team in order to protect its merchants from fraud and loss. Fortis monitors and identifies unusual activity and red flags in compliance with Bank, Processor, and Association requirements and the federal Bank Secrecy Act (BSA). Fortis recognizes its responsibility to monitor for patterns, practices, or activities that are indicative of potential fraud or misuse of the merchant account. We review the merchant’s transaction activity (sales, credits, retrievals, and chargebacks) daily in an effort to identify fraud, changes in activity over time, inconsistencies with the merchant’s business, and other exception activity to mitigate financial loss.

PCI Compliance

Fortis is dedicated to the security of all our cardholders, partners, and merchants. The security of all data submitted through our systems is of the utmost importance. To that end, we are constantly reviewing industry standards and requirements in order to make sure our systems meet or exceed required levels set forth by the PCI Security Council . Fortis is a PCI Level 1 certified payment provider. In addition to internal controls, our systems and network are monitored 24/7 by an industry-leading, expert security firm. We also undergo routine audits by a certified third-party security assessor in order to achieve and maintain our compliant status with all the card brands. Our validation details can be found on the Visa Global Registry of Service Providers . Please contact Fortis if you have any questions.

PGP Security Key

Introduction

The EpicPay Gateway provides a PGP Public Key, which allows you to send sensitive data to the EpicPay Gateway Security Team in a secure manner. PGP is a method of data encryption that utilizes a public and private key. When you encrypt a file containing sensitive data using a public key, only the owner of the private key can read the sensitive data. In this case, you can use our public key to encrypt sensitive data that only the EpicPay Gateway's Security Team can read.

Download GnuPGP

To encrypt your sensitive data, you must use a PGP encryption program. You can obtain a free copy of GnuPGP here: https://www.gnupg.org/

Once you have imported the EpicPay Gateway Security Team's public key, you can encrypt files by running:

gpg --encrypt --recipient 7BEA236D392620EF YOURFILENAME

PGP Security Key

Key ID: 7BEA236D392620EF
Key Type: RSA
Key Size: 4096 bits
Fingerprint: 49E8 A8CC 9F7C BBF2 B005 6B05 7BEA 236D 3926 20EF