Home / IT / Telecom / Tech/ Epic Lanka first Sri Lankan software house to earn PCI 3DS certification

Epic Lanka first Sri Lankan software house to earn PCI 3DS certification

Comments / {{hitsCtrl.values.hits}} Views / Thursday, 22 August 2019 00:26


From left: Manager Compliance and Support Saminda Jayawardena, Director/Group Chief Technology Officer Krishan Jayawardena, Epic Lanka Managing Director/CEO Viraj Mudalige, receiving the PCI3DS certificate from (SAARC)-SISA Manager Sales Abhijeet Singh, SISA India Senior Executive Business Development Balaji EM, and Epic Lanka Senior Vice President Sanjeeva Perera

Epic Lanka Ltd. has received the coveted PCI 3DS (Payment Card Industry 3 Domain Secure) certification from SISA Information Security, a qualified security assessor headquartered in India. The PCI 3DS certification is yet another first for the company as it becomes the first ever Sri Lankan software house to receive this globally renowned certification. 

PCI 3DS is a globally accepted security standard that provides a framework for better data integrity and confidentiality – two of the three pillars of information security. This certification will serve as a major step in minimising chargeback and fraud risks for online and mobile card payment transactions at banks and financial institutions. In an era where customers are ever on the look-out for more convenient methods of carrying out their day-to-day transactions, banks and other financial institutes are compelled to find the balance between speedy transaction processing and security of transactions. With the advancements in the e-commerce and m-commerce arena, customers are now moving more towards the convenience of purchasing their goods and services online. The growth in the tourism industry in Sri Lanka has also had an impact on the increase in the acquiring business.

Leveraging on this tendency, a majority of merchants, from books to groceries to clothing, are now offering their products and services online. While many of these merchants accept cash-on-delivery, customer preference is rapidly moving towards using credit/debit cards for online payments. In recent times, however, there has been a rapid rise in card-not-present (CNP) transactions. 

Due to the inherent risks of the customer not being present at the merchant location during the transaction, acquirer banks are facing the threat of CNP frauds. When it comes to transactions done through foreign cards used by tourists, the financial risk for the Sri Lankan acquirers is higher and at times inevitable.

3-D Secure (3DS) provides the solution for CNP risks as well as conventional card payments, where the liability of customer authorisation of transactions is passed to the issuer bank. 3DS functions as a messaging protocol that enables customers to authenticate themselves with their card issuer when making cardless transactions in e-commerce and m-commerce purchases. The three domains consist of the acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems). The additional security layer helps prevent unauthorised CNP transactions and protects the merchant from CNP exposure and fraud. 

Having been in business for over 20 years, Epic has earned a position as one of the strongest software brands in the Sri Lankan IT industry with domain expertise in Fintech solutions. Epic has obtained some of the most recognised compliance certifications in the world and lived up to its corporate values that encompass trust, ethics, commitment and innovation. 

Epic has hosted this technological advancement at their premises, thereby enabling banks and financial institutes to focus on their customers’ transactional and banking needs instead of having to ensure the availability of domain expertise. 

This further reduces the high investments that banks and financial institutes would be required to make on hardware and other related software for enabling 3DS in-house. With this, Epic intends to lessen the burden on banks and financial institutes to ensure the security of online transactions by handling the entire CNP transaction processing arena on a software-as-a-service model. Epic aims to initially focus on the Sri Lankan banking industry and gradually expand to the region and global operations in stages.

Epic Lanka Managing Director/Chief Executive Officer Viraj Mudalige said, “To become the first company in the country to achieve this certification demonstrates our commitment towards developing robust mechanisms in securing our customers’ sensitive data environments. Our technical advancement in transaction monitoring and futuristic approach enabled us to contribute to our country’s security system. Coordination between our teams and the support of SISA made it possible. We plan to strengthen the Sri Lankan payment systems and assist the banking industry to more effectively focus on their business objectives. It is expected to eventually expand this service to a global level, thereby positioning Sri Lanka as a secure payment facilitator.” 

Epic 3D Secure ACS Solution is the only hosted system in Sri Lanka with PCI 3DS, PCI DSS, PA DSS, and ISO27001 certifications. 


Share This Article

Facebook Twitter


1. All comments will be moderated by the Daily FT Web Editor.

2. Comments that are abusive, obscene, incendiary, defamatory or irrelevant will not be published.

3. We may remove hyperlinks within comments.

4. Kindly use a genuine email ID and provide your name.

5. Spamming the comments section under different user names may result in being blacklisted.


Today's Columnists

Is voting the only expression of democracy?

Wednesday, 18 September 2019

Aspirant Sajith Premadasa has openly and repeatedly said he will contest the Presidency whatever anyone says. His party has not selected him and neither has he asked for the nomination from the party. One could interpret that he may contest whether o

Private or State hospitals? State, of course!

Wednesday, 18 September 2019

Framing the debate For those of us who can afford them, the question is often raised whether we should go to the neighbourhood private hospital or State hospital when sick. The purpose of this article is to share my experience over my lifetime in alw

Teaming up with the CIO for a journey towards transformational ERP

Wednesday, 18 September 2019

An ERP (Enterprise Resource Planning) implementation with a focus on a business outcome can bring significant competitive advantage across every area of the business. Earlier, it was the CIO who had to figure out the design and implementation of the

CRIB – Individual Credit Score

Wednesday, 18 September 2019

With the recent announcement of releasing credit scores of banked citizens commences a new chapter of the country’s lending industry. The General Manager of the Credit Information Bureau (CRIB) Nandi Anthony stated that the Bureau plans to release

Columnists More