EPIC ready to stop credit card frauds

Thursday, 28 October 2010 04:17 -     - {{hitsCtrl.values.hits}}

Adjudged the fourth company in the world to develop the TLE solution

By Cheranka Mendis

 Taking Sri Lankan information telecommunication industry to yet another height, local IT Solutions Company Epic Lanka recently launched the EPIC Terminal Line Encryption Solution (TLE) which would put a stop to credit card related frauds.

 At a time when Sri Lanka is geared to embrace the best of technology and development within the local economy the product would guarantee of safety and stability in the local market which is a primary requite for international investors. By making use of the products Sri Lanka could also save a large amount of foreign exchange leaving the country as well as curb fraudulent host authorisation which currently registers a large sum of bad debts to the local banks.

 As quoted in international hearsay, card allied frauds are on the increase in the Asian region. Sri Lanka has also taken a high spot in these watch lists. Chairman of Epic Lanka Nayana Dehigama speaking to Daily FT asserted that such bad publicity impacts a number of industries such as tourism, investment and development.

Q:  What is TLE and what are the main areas of focus through the system?

A: EPIC Terminal Line Encryption Solution also known as TLE provides the highest security possible for bank transactions. It is recommended by the leading global card operators and aims at improving the credibility and ensures the security of the sensitive information of customers. Under this solution an encryption layer is added over the communication channel between the terminal and host to protect sensitive information against all forms of wire tapping attacks.

 Q: What propelled you to form this solution?

A: There is a dire necessity to protect retail payments happening through remote devices such as hacking and skimming. Credit card related frauds are increasing exponentially threatening loss of public confidence on this popular instrument and leaving behind large bad debts to banks who will not publicly admit of such frauds.

 Also Sri Lanka is expecting a huge inflow of tourists. Sri Lanka therefore has the responsibility to protect the visitors. CBSL has intervened and has recommended a guideline to protect such transactions through a security system. TLE provides protection to end to end transactions from the initiation to payment processor. It offers a secured encrypted terminal line from the POS terminal to the acquirer bank host.

Q: What are the challenges in the industry?

A: If the present menace persists, foreigners visiting a local hotel will think twice in using payment cards. Patrons of local banks will face tribulations in producing their cards overseas. Frauds in excess of US$ 2 mn have taken place in this industry within Sri Lanka within the last year or so. Reserve wastages of banks due to charge backs, dispute handling and arbitration are sizeable.

The threats continue to exist, high and perceptible to banks, regulators and also to the public. The best example was the credit card fraud of the popular Mr. Bean being traced to Sri Lanka.

The vulnerabilities are also very high as transmission of sensitive information in plain text is prone to be hacked so easily. As credit cards and debit cards have been accepted as a popular and convenient method of paying anywhere anytime, it is the responsibility of all stakeholders to act swiftly to safeguard public interest and confidence. We have offered a world class solution developed locally at a fraction of the cost of an imported solution with an irresistible offer for free trial runs to address this major problem. It is up to the regulators, policy makers and banks to make use of this opportunity.

Q: You say credit card transaction is at risk. What are the popular methods of hacking?

A: There is eavesdropping which copies sensitive card data from transactions. Then there is line or wire tapping which is a sophisticated method of skimming credit card data from clear (unencrypted) transactions by “wire-tapping” the communications line between the terminal and the host.  There is what is known as host spoofing which provides false approval to terminals. There is also the use of ghost terminals and replay attacks.

Q: How did EPIC develop the solution?

A: Given all that EPIC developed a solution to put a stop to hacking. We are also proud note that we are the world’s third country to develop this solution.

What we did was— we looked at the other three solutions, analysed their finer points and weaker points and developed a better solution which adds up all the good points of the previous three systems and cut away the ineffectiveness of the systems. We also studied the Sri Lankan banking system the payment requirement and the variations and came up with something that would fit in 101 per cent to the local banking system.

Q: What are the features in the TLE Server?

A: The features support any routing mechanism and the keys are securely stored in the HSM. There is a separate Monitoring Tool to check the transaction transmission process with a supportive Web Application and a command console, and it supports the existing infrastructure.

Q: What are the functions available in the TLE web application?

A: There is a process of registration of terminals and a registration of authorised personnel with automated back-ups, a system audit, information and error logs together with Server Configuration changes.

Q: How can you prove that the system would be a success in Sri Lanka?

A: We have tested it in a number of banks as proof of concepts and have been verified by four banks of the country. We already have received purchase orders from Hatton National Bank.

Also we have put in two years of time and investment (an approximately Rs. 20-30 million) worth of research and development. We offer it at a fraction of the cost of the other foreign systems.

It is also viewed as a national project by us for a number of reasons. One is that we have constructed this from local talent and therefore when taking it into the world market it is Sri Lanka that is made proud.

Q: What is the competitive edge over similar foreign products?

A: Unlike foreign products, we have after sales service right here in Sri Lanka which would mean less cost and faster service as after sales service. And if the bank needs to get down experts to look into a problem a huge premium per hour or per day must be given.

Furthermore since the local banks would get the product from a third party, 90 per cent of the money leaves the country. Since FDI is what is important in the country, this is an interesting aspect to look at. We give the same if not better quality product to less than 50 per cent of the cost. It must be noted that TLE is ranked high in VISA guidelines.

If the local banks are to get the FDI that would be lost to the country — it would mean the money sent in by thousands of migrant workers which is needed to bridge the foreign exchange gap. I personally believe that if there is a way to stop a poor mother from slaving away in another country to find foreign exchange while others sit at plush offices luxuriously waiting, it must be done; and this is one way of doing it.