Epic TLE – Terminal Line Encryption Solution

Click here to download the product brochure

EPIC TLE is an extremely secured communication channel encryption solution that offers increased security from the EDC/POS terminal to the bank’s acquirer host when transferring payment transaction data online. The strength of this solution lies in its use of proven, industry standard and cutting edge technologies to encrypt all the sensitive data fields in the transaction data packet. Epic TLE system is geared to protect online transactions from all kinds of vulnerabilities and threats that originate as a result of unsecured communication channels from the terminal to the acquirer host.  Epic TLE is an extension to the existing electronic transactions processing systems of banks.

 Epic TLE comprehensively protects card users, acquirers and issuers from all types of commonly known threats and vulnerabilities such as Eavesdropping, Ghost Terminal, Host Spoofing, Line/Wire Tapping and Replay Attacks. The continuous R&D investments of Epic will ensure timely and proactive upgrades to Epic TLE preventing possible new attacks in the future too.

Implementation of Epic TLE is easy and fast as it does not demand major changes, additions or upgrades to the existing payment infrastructure. It works as a plug and play system with simple integration to the existing payment infrastructure. Epic TLE provides a Line Encryption Server that facilitates the encryption and decryption of the transaction data packets and a Protect Server Gold HSM to support automated secure key generation and key injection process. Its web-based application offers users a greater flexibility and convenience in managing different functions of the operations.

 The solution consists of following modules;

  • EPIC Terminal Line Encryption Server (EPIC TLE)
  • EDC/POS Application
  • Hardware Security Module (Protect Server Gold)
  • Line Encryption Server Web Application

Need for TLE in Combating Fraud

The evolution of the electronic transactions happened quite fast during the last two decades with the rapid growth of telecommunication infrastructure and other information communication technologies such as enterprise IT systems, the internet and mobile gateways. Today, the electronic payment cards have become popular, very convenient and innovative instruments for payment transactions almost everywhere in the world.

However, the use of payment cards in massive scale has exposed users to greater risks such as skimming, cloning of cards and identity thefts. With the technological advancements, fraudsters, hackers and organized criminals have invented convert methods to skim and clone payment cards. More often, in point of sale infrastructure, attackers tap the transmission medium, gain access to transaction data packets that are being transferred from the terminal to the bank-end host and then direct the transaction data packets to a fraudulent host for unauthorized approvals (Host Spoofing). Moreover, unauthorized EDC/POS Terminals placed by fraudsters (Ghost Terminals) often skim data held in the magnetic stripe of a credit card each time the card is swiped and use such data to create counterfeits. They use skimmed data to carryout unauthorized and fraudulent transactions causing severe confusions and damages to the card holders, acquires and card issuers. Such frauds also create various risks while causing financial losses. Use of manual key injection at EDC/POS Terminal for authentication purposes has further burdened the situation.

 Policy Measures and legal Background

Due to the ever-growing frauds in online payment transactions, regulators and payment associations have become more aggressive in implementing policies and processes to fight the fraudsters. Transaction security and risk management in online payments has become a greater concern for everyone who carryout remote online transactions. New transaction security standards and authentication processes are being introduced as mandatory measures from time to time by the industry players. The need to comply with these security, privacy and control requirements is creating mounting pressure on ICT industry to innovate new technologies to mitigate the threats. However, existing policy measures on EDC/POS terminal software/encryption mechanisms seems to be still inadequate to ensure comprehensive security and privacy for payment card transactions. Many emerging economies are yet to introduce terminal line security policies exposing payment card users and card issuers to greater risks.