Security


 

Gateway Security


Tokenization

The EpicPay Gateway offers secure tokenization using modern encryption algorithms and a proprietary PCI-certified key management process for all forms of tokenization. Merchants can utilize EpicPay Gateway tokens in place of storing credit card and bank account information in their own database, which greatly simplifies the merchant's scope for PCI compliance and eliminates their potential for a breach of cardholder data.

For guidance on how to use tokenization in the EpicPay Gateway Payment API, please refer to the Tokenization section.

 

Velocity / Risk Rules

The EpicPay Gateway employs automated statistical analysis on a per-transaction basis to stop fraudulent payments in their tracks.  The automated system uses detailed data specific to each merchant's day-to-day business to customize the risk detection system to each merchant.  This allows us instantly detect anomalous activity and to respond immediately and effectively.

 

Fortis Risk Management Team

Fortis employs an in-house risk management team in order to protect its merchants from fraud and loss. Fortis monitors and identifies unusual activity and red flags in compliance with Bank, Processor, and Association requirements and the federal Bank Secrecy Act (BSA). Fortis recognizes its responsibility to monitor for patterns, practices, or activities that are indicative of potential fraud or misuse of the merchant account. We review the merchant’s transaction activity (sales, credits, retrievals, and chargebacks) daily in an effort to identify fraud, changes in activity over time, inconsistencies with the merchant’s business, and other exception activity to mitigate financial loss.

PCI Compliance


Fortis is dedicated to the security of all our cardholders, partners, and merchants. The security of all data submitted through our systems is of the utmost importance. To that end, we are constantly reviewing industry standards and requirements in order to make sure our systems meet or exceed required levels set forth by the PCI Security Council . Fortis is a PCI Level 1 certified payment provider. In addition to internal controls, our systems and network are monitored 24/7 by an industry-leading, expert security firm. We also undergo routine audits by a certified third-party security assessor in order to achieve and maintain our compliant status with all the card brands. Our validation details can be found on the Visa Global Registry of Service Providers . Please contact Fortis if you have any questions.

PGP Security Key


 

Introduction

The EpicPay Gateway provides a PGP Public Key, which allows you to send sensitive data to the EpicPay Gateway Security Team in a secure manner. PGP is a method of data encryption that utilizes a public and private key. When you encrypt a file containing sensitive data using a public key, only the owner of the private key can read the sensitive data. In this case, you can use our public key to encrypt sensitive data that only the EpicPay Gateway's Security Team can read.

 

Download GnuPGP

To encrypt your sensitive data, you must use a PGP encryption program. You can obtain a free copy of GnuPGP here: https://www.gnupg.org/

Once you have imported the EpicPay Gateway Security Team's public key, you can encrypt files by running:

gpg --encrypt --recipient 7BEA236D392620EF YOURFILENAME

 

PGP Security Key

  • Key ID: 7BEA236D392620EF
  • Key Type: RSA
  • Key Size: 4096 bits
  • Fingerprint: 49E8 A8CC 9F7C BBF2 B005 6B05 7BEA 236D 3926 20EF
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFuhfb0BEAC7B0qOutjd59ZwKOmuGsviOgz19JRJGKw8wn40rFlkuyhmupUT
1Y/CaSndDgnNxFhCObcXo1BT+NP4dj2ke2w3H4nVed/ni0w3hKgV6cFqK9Z3+br3
4iWuOGa7Y2gsxNJ9ow5V9XPIoSjasUHIXjRcrzgiTqJK9nw3n//oTmu1tSxeSFpF
tWQNlOjDZ5y8vEb98xMJt26+Nh3beRjdNrrT3ht8cKXaELNt5958tOfaJkVq5HUM
BrZ6KEOexRquBW352J7A1of4wTx9LrfF3WTZaAFLjSAIBioRuqyUPPWDlSnU761R
YuFBSCIABmHnlCOY8Z9zjmOLkWD7m56k7/2PxNJe3+2tWmLRQ/kssHu+AhvHil1y
iQOTz0f4FkmP0x+3+SMwpwrTj7LUdtQNSDXRHPrbLjb751IqbVUJaie2TjR6MKZ8
g4KWZd/bnldPy1Rz4nqZ95Gn6+0g+uFXKneEUj2QNH274yLFYmJshoMjaqWJGjs2
3g7HT5+5sQ0VkDG4KtVFeQSk/UZrtsi1IGZVOJoJfwWEyVMSoTmAjEy1kWRLDUBl
aKIJTGYix/fyjaEfERULOt/dFcBhbc5ftAZpZXcFDY7owMl+CXIxuT8slJQb5L2m
Ix17k/JckEOaq4cnZUtb4Dr2uMXrsiIZXxB0YkfluhzIhaEPx7rvMeR9cwARAQAB
tCtFcGljUGF5IChEYXRhIEltcG9ydCkgPGRldnRlYW1AZXBpY3BheS5jb20+iQJO
BBMBCAA4FiEESeiozJ98u/KwBWsFe+ojbTkmIO8FAluhfb0CGwMFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AACgkQe+ojbTkmIO8OYw//XO8kObMOcGaT+kEkWHhYUrEC
+ADscDxIcizy0ajZlt+zyGK7W7dgi4UGI2LqfMJ42ZILurUXB+mKhKXaC62zosnH
XMQvdCTsdvQpzKUfTPZOVXE5hlv8wS/Zaa99tIgIraPdrfcmw267EghcHtDCr1KE
L1AQLgERIlBjiVTzNS/P3F7unFJ+KgmwA8BU6puy2zEShYkAbB1oVJA8575qHN0g
x2FTFcyWHNCInwWt0LrM7K3J+B5OCFSfjdSNfrwkHjwS5EqUioNWpAaPs+zK/zED
6zq6gSnN8yQlOmC8YhMMrSGWGjNznwyzdDgc5dheYEToRqpwrtLMG2cKiKWNqnPM
R4YaeR8cD3A9pMs68aRpRG6tdYyJ01v9RXA0+ubT5HxZVOkHFVKWYvANpq92zwcb
7nD/6wmhDTeF+D0xeVTIT+UWZ5iQs30HuiZg4AaTvlfrWT5Agwl53BsiWcjtnxsd
b6htLESls6AgdP/EYmJROGo3e0TpYK26Z6J/ThGXjqZYN7rNPVYKOWrMyMeio27H
yqs6ffJuKFTtbq5XZcsG7fj88xLnL5rH9dqIPg0Lm9SZKdtVIoOkfbIo95ttYD/U
PChSUqc2fPPZOqotQ0C20v5UmkW2edUWWS+5uYR8ihSJtXr1zqPBU1q/xRRbv8LN
exORECFgSINUOSe96we5Ag0EW6F9vQEQALXlAbvWUUKl+27/zccEAoToMI0md96Y
rD3ENkHrkL/VB85Qr7biT1XtTDOW6Q5ySeq2amz2HUpgs+Lj0nY0EW36yAiUa9/v
8qyp5e0N7dZykLlhBbu5AWl9pMU01x65wwja5m1hn4NamjuCKKjy8V0BioB7cSRy
vJAuDho83zeT763o+sZFkjLuKRZ2h/JrZhE0ZBnHTP+pGAlGEP/eVMN43CoESs6p
a+BPPHwgTufq2aphj1hwBUFcpBZElK9RdL3XXvAVm5zFJW7CyC+dL3fijHXTElKA
ReLZ1PO+mExRhVgDc3PUa063/sECuEe1gCTDbca6LTXkZrhhYLHwwbrWcahg6dDp
dQwwfUr/izifpAttwonKbixSE3t4551ml2CqdtaIBQeaF6xDZBOQMdGiyJWDF1em
Zlu+K6ZjxnoAbTCpw6bY1LP37pNLI4JABKeBi4LV/Klq0qJeYHdSh/DMi13hVIXW
HfRa98jaWcsNhO9R/mTtkvbixja3bA6aA2/Pdx9mm0NZAyGmaEtfLMl0iwJ48wcw
Dq9jfou1mmjLiiLKUDKdCkuVGIMfclXSitoNZL7JOJA0pZLU6YyFG+T8ekBWiIfB
EfcJHCqm+Gg1ZfW2pW6HHKVSt5cjaFXXy2/bkc9QKIrkMg75ldHIWjD3OPKwa9/R
4hUCKsHYIz71ABEBAAGJAjYEGAEIACAWIQRJ6KjMn3y78rAFawV76iNtOSYg7wUC
W6F9vQIbDAAKCRB76iNtOSYg753jD/9An/umprCdqQVJ3oJfyNoig+YCkumITTly
BiVGAoCt8UFeydfZB40/DJIrYh5jXizymEsNLtoAv6v7i0kyuinhl7IGMaCunnN5
ie+SBMi+7hqR/NIY80ABVoO6bHZ1yBxi00/+Ym3J71VB6dXEOTyhlucyHovpINR/
u9Uir20amzkmP3NimDb+0NRYmCfV5QZplcw6GGM2qGEDOsM12neWsRnZFLFGDO0Q
dSlxirt57+5W9+eUowPq965ZfEkv9VEEUXbwR1bDTjSpFgizEpkDEfc4r+CRUSDe
sQLItqmqwBIDCKqgM3KE559zT4XCLw4TNZKm6EjAtl3jBKfQNtk0JbbwgT74qjwy
2TaTKtFdZDGUWwWXJQpUcO9TulTNC7q0P4b6fY75EBC/e4UFBs3cCEgS5kYt0RRb
cJmgPwHXecNQzFM2xv58+r8PSiPN7lZnBzx9McuFyzFbIuptALSe4YrMGL5e0gpc
+LtJoeRtabDnyiYMTurQ2Kd5xKfJwfrLE4rg6kR6XHSVrNdBzb1/LwPOzp8VWJIR
tmwZ3zvj25rNZoiX9pBAgq6HyXCzmQnW+C37QNTS93lXL50C6Ee+t2GqsHUe7rlz
3u4EZNR8jHhymwL9xrUlYvMnuHDTZfh5pWPzGnovD9n+ZiuFO5pgi/y7iPiTdV5O
E+2Vnz7UlA==
=rh1R
-----END PGP PUBLIC KEY BLOCK-----