Support: 1.866.573.0951


ProPay Meets/Exceeds Visa’s Best Practices for Data Field Encryption

ProPay’s End-to-End Data Security Solution Consistent and Exceeds Visa’s Best Practices

In light of recent security breaches and expressed interest from the marketplace in End-to-End Encryption solutions for securing card data, Visa recently published its Best Practices for Data Field Encryption along with the following definition of End-to-End Encryption.

“Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the clear.”

Visa has developed the following Best Practices to assist merchants in evaluating new encryption solutions emerging in the marketplace. ProPay recognized the need for End-to-End Encryption as early as 2007 and began architecting a solution. In mid 2008 ProPay implemented and began using its End-to-End data security solution in a production environment. In February 2009 ProPay launched ProtectPay, its End-to-End data security solution for commercial use.

Visa Best Practices for Data Field Encryption ProPay Solution
Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
Use robust key management solutions consistent with international and/or regional standards.
Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
Protect devices used to perform cryptographic operations against physical/logical compromises.
Use an alternate account or transaction identifier for business processes that requires the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.

ProtectPay’s approach starts with removing the existing sensitive data from a merchant and then providing a means of accepting and processing payments that don’t require a merchant to store, transmit, or process sensitive payment data. From the point-of-sale where sensitive payment information is obtained, and a large percentage of credit card data is stolen, ProtectPay safely captures the data and protects it throughout processing, transmission and storage. With this data removed from a merchant’s system, the merchant’s PCI scope is significantly reduced and the associated risks of losing the data are removed. While some service providers are talking about their future E2E data security ideas, ProPay has commercially viable and functioning solutions today.

ProtectPay offers the following features:

  • Encrypts sensitive customer data directly from the customer so cardholder data never touches a merchant’s system
  • Stores, transmits and processes sensitive customer payment data, always in encrypted form
  • Allows the data to be safely used for repeat billing and ongoing business transactions
  • Provides a single interface to major gateways, processors, and service providers
  • Stores multiple customer payment cards and alternative payment methods
  • Allows for ongoing management of customers’ payment data
  • Provides data search and reporting capabilities
  • Facilitates refunds and credits

ProPay’s E2E strategy comprises a four-pronged approach:

  • E2E Security – From the point where sensitive payment information is obtained and throughout transmission, processing and storage of the data, ProPay removes sensitive payment information from the merchant so they never touch the data. Removing the data removes the risks.
  • E2E Compliance – ProPay alleviates most of the merchant’s PCI validation requirements. Rather than having to deal with the burdens of evolving security standards and then hope that they are not breached, business owners can offload the information to ProPay, which specializes in the secure storage and handling of such sensitive data.
  • E2E Data Storage – From payment card transaction data to financial, health care information and other sensitive personal information, ProPay ensures that sensitive data is archived and stored in a secure environment. A unique ID or token is used by the merchant for further transactions on the data.
  • E2E Single Vendor Partner – ProPay has more than a decade of experience providing simple, safe and affordable merchant payment solutions to its customers, having gained knowledge and expertise in all areas relevant to acquiring, issuing, processing, and storing sensitive data.

For more information about ProtectPay E2E data security, call ProPay today at (888) 227-9856.

Additional resource information:

Visa Press Release:

Visa Best Practices for Data Field Encryption (PDF):

Merchant Solutions Contact Us Support Legal
ProPay, Inc. is a registered ISO of Wells Fargo Bank, N.A., Walnut Creek, CA. The ProPay Prepaid MasterCards are issued by Pathward™, Member FDIC, pursuant to license by MasterCard International Incorporated. MasterCard is a registered trademark of MasterCard International Incorporated.
©2023  ProPay Inc. All Rights Reserved.