Epic Lanka first Sri Lankan software house to earn PCI 3DS certification

From left: Manager Compliance and Support Saminda Jayawardena, Director/Group Chief Technology Officer Krishan Jayawardena, Epic Lanka Managing Director/CEO Viraj Mudalige, receiving the PCI3DS certificate from (SAARC)-SISA Manager Sales Abhijeet Singh, SISA India Senior Executive Business Development Balaji EM, and Epic Lanka Senior Vice President Sanjeeva Perera

Epic Lanka Ltd. has received the coveted PCI 3DS (Payment Card Industry 3 Domain Secure) certification from SISA Information Security, a qualified security assessor headquartered in India. The PCI 3DS certification is yet another first for the company as it becomes the first ever Sri Lankan software house to receive this globally renowned certification. 

PCI 3DS is a globally accepted security standard that provides a framework for better data integrity and confidentiality – two of the three pillars of information security. This certification will serve as a major step in minimising chargeback and fraud risks for online and mobile card payment transactions at banks and financial institutions. In an era where customers are ever on the look-out for more convenient methods of carrying out their day-to-day transactions, banks and other financial institutes are compelled to find the balance between speedy transaction processing and security of transactions. With the advancements in the e-commerce and m-commerce arena, customers are now moving more towards the convenience of purchasing their goods and services online. The growth in the tourism industry in Sri Lanka has also had an impact on the increase in the acquiring business.

Leveraging on this tendency, a majority of merchants, from books to groceries to clothing, are now offering their products and services online. While many of these merchants accept cash-on-delivery, customer preference is rapidly moving towards using credit/debit cards for online payments. In recent times, however, there has been a rapid rise in card-not-present (CNP) transactions. 

Due to the inherent risks of the customer not being present at the merchant location during the transaction, acquirer banks are facing the threat of CNP frauds. When it comes to transactions done through foreign cards used by tourists, the financial risk for the Sri Lankan acquirers is higher and at times inevitable.

3-D Secure (3DS) provides the solution for CNP risks as well as conventional card payments, where the liability of customer authorisation of transactions is passed to the issuer bank. 3DS functions as a messaging protocol that enables customers to authenticate themselves with their card issuer when making cardless transactions in e-commerce and m-commerce purchases. The three domains consist of the acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems). The additional security layer helps prevent unauthorised CNP transactions and protects the merchant from CNP exposure and fraud. 

Having been in business for over 20 years, Epic has earned a position as one of the strongest software brands in the Sri Lankan IT industry with domain expertise in Fintech solutions. Epic has obtained some of the most recognised compliance certifications in the world and lived up to its corporate values that encompass trust, ethics, commitment and innovation. 

Epic has hosted this technological advancement at their premises, thereby enabling banks and financial institutes to focus on their customers’ transactional and banking needs instead of having to ensure the availability of domain expertise. 

This further reduces the high investments that banks and financial institutes would be required to make on hardware and other related software for enabling 3DS in-house. With this, Epic intends to lessen the burden on banks and financial institutes to ensure the security of online transactions by handling the entire CNP transaction processing arena on a software-as-a-service model. Epic aims to initially focus on the Sri Lankan banking industry and gradually expand to the region and global operations in stages.

Epic Lanka Managing Director/Chief Executive Officer Viraj Mudalige said, “To become the first company in the country to achieve this certification demonstrates our commitment towards developing robust mechanisms in securing our customers’ sensitive data environments. Our technical advancement in transaction monitoring and futuristic approach enabled us to contribute to our country’s security system. Coordination between our teams and the support of SISA made it possible. We plan to strengthen the Sri Lankan payment systems and assist the banking industry to more effectively focus on their business objectives. It is expected to eventually expand this service to a global level, thereby positioning Sri Lanka as a secure payment facilitator.” 

Epic 3D Secure ACS Solution is the only hosted system in Sri Lanka with PCI 3DS, PCI DSS, PA DSS, and ISO27001 certifications.