COMPLIANCE POLICIES

Whistleblowing Policy – The Epic Whistleblowing Policy sets out guidance on how Epic Lanka employees can raise concerns about malpractice or wrong-doing at work. It aims to encourage openness so that concerns can be raised internally without fear of repercussions to the employee.

Code of Business Conduct and Ethics – The Code of Business Conduct and Ethics sets out Epic Lanka’s commitment to conducting its business ethically, as well as the ethical standards of conduct expected of Epic Lanka’s employees and directors.

Recruitment policy – This policy sets out Epic Lanka’s recruitment policy, including conducting eligibility right to work checks for all employees in order to safeguard against human trafficking or forced labor. We conduct job rotations so that no employee is restricted to one particular assignment for a long period of time.

Modern Slavery Act Statement – This statement is in reference to s.54 of the Modern Slavery Act 2015 (“Modern Slavery Act”). This statement sets out the steps that Epic Lanka, for itself and its affiliated entities has taken, and continues to take, to ensure that modern slavery, including human trafficking, child labor, workplace abuse and domestic servitude (“Modern Slavery”) is not taking place within our supply chain or business.

Supplier Guidelines – The Supplier Guidelines set out the standards and practices that our suppliers are required to uphold in the areas of human rights, labor, environment and business ethics.

The Payment Application Data Security Standard (PA-DSS)

Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC).[1] PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent developed payment applications for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN. In that process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS) Latest Version 3.2.

EPIC MPOS

Having analyzed the current inefficiencies in various POS payment systems, EPIC has designed its proprietary MPOS Merchant Acquiring Platform with EPIC MPOS Solution. It is a new platform that enables acquirers to quickly provide smartphone-driven Magnetic Stripe and Chip Card payment solutions to small and medium-sized merchants.

With MPOS Solution, a merchant’s smart phone is transformed into a secure point-of-sale device by pairing with a PCI PTS certified Card Reader which meets industry security standards. The Card Reader connects to the smart phone or tablet device via Bluetooth technology and enables merchants to accept both Magnetic Stripe and Chip Cards using a secure Mobile Application available on Android mobile operating platform which could be downloaded through the Google Play Store app market.

The unique design and security architecture of the Mobile Application delivers 1st level point-to-point data encryption and all transaction related security keys are stored in a Secure Area of the Smart Phone and Card Reader devices which is 100% secure and inaccessible to unauthorized entities. The solution provides the capability in capturing customer signatures after authorization and the digital receipt for completed transactions could be sent via SMSs.

Merchant Smart Phone initiated transactions are first received by a SSL Server deployed at Client premises. Subsequently, the transaction is routed to MPOS Switch which performs all transaction verifications and forwards to Card Host for authorization. The MPOS Switch also stores transaction details in accordance to PA-DSS standards and operates as a centralized repository for Digital Receipts.

The Solution delivers the full spectrum of POS transactions as outlined below, while carrying no limitations in MPOS service facilitation:

  • Sale
  • Void
  • Transaction History
  • Reversal
  • Settlement
  • PIN Change
  • Signature Uploading

EPIC ACS

The EPIC Access Control Server (ACS) is a highly scalable proven authentication solution residing within the realm of the Issuer domain which provides real-time cardholder authentication during the online shopping process. It offers central management of the authentication process for 3-D Secure scenarios providing all parties with a level of assurance similar to what is experienced in ‘card present’ transactions.

EPIC ACS can interface with Directory Servers from interchanges, Authentication History Servers, Bank Card Host, OTP Solutions, and SMS/Email Servers. It is compatible with all generic browsers such as Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera and Apple Safari etc.

The set of key functionalities performed by ACS is elaborated below:

  • Sale
  • Void
  • Transaction History
  • Reversal
  • Settlement
  • PIN Change
  • Signature Uploading

Generate and send Payer Authentication Response (PARes) to MPI which affirms or denies the validity of the match between the ACS record and the cardholder’s input, including some authentication data required to build a 3-D Secure authorization request such as the reference values generated to validate the integrity of the transaction data.

EPIC TLE

EPIC Terminal Line Encryption (TLE) Solution is an extremely secured communication channel encryption solution that offers increased security from the EDC/POS Terminal to the Bank’s Acquirer Host when transferring payment transaction data online. The strength of this solution lies in its use of proven, industry standard and cutting-edge technologies to encrypt all the sensitive data fields in the transaction data packet. EPIC TLE Solution is geared to protect online transactions from all kinds of vulnerabilities and threats that originate due to unsecured communication channels from the EDC/POS Terminal to the Acquirer Host. It is an extension to the existing electronic transaction processing systems of banks.

EPIC TLE Solution comprehensively protects card users, acquirers and issuers from all types of commonly known threats and vulnerabilities such as Eavesdropping, Ghost Terminals, Host Spoofing, Line/Wire Tapping and Replay Attacks. The continuous R&D investments by EPIC will ensure timely and proactive upgrades to EPIC TLE preventing possible new attacks in the future too. Implementation of EPIC TLE is easy and fast since it does not demand major changes, additions or upgrades to the existing payment infrastructure. It works as a plug-and-play system with simple integration to the existing payment infrastructure. EPIC TLE provides a Line Encryption Server that facilitates the encryption and decryption of the transaction data packets and a Protect Server Gold HSM to support automated secure key generation and key injection processes. From an administrative perspective, a comprehensive Web-based Application offers users a greater flexibility and convenience in managing different functions and operations.

The solution comprises of the following components:

  • TLE Server
  • Front-end Application
  • Hardware Security Module
  • TLE Web Application