E2Pay is Indonesia's payment gateway. E2Pay is connected safe and efficient e-Commerce by partnering with online businesses and financial institutions in Indonesia.
2. Introduction
2
E2Pay (PT E2Pay Global Utama) is incorporated in 2012, a spin-off of the
payment gateway division of PT Infinetworks Global (main shareholder) which
has been conducting payment gateway business for our clients since 2010.
Infinetworks has been in eBanking business since 2000.
As the leader in Internet & Mobile Banking solutions in
Indonesia, Infinetworks has been implementing and
operating eBanking services for large multi-national
banks for over 12 years.
E2Pay is a member of the Indonesian E-Commerce
Association.
E2Pay is established to “enable safe and efficient e-Commerce by partnering with online
businesses and financial institutions in Indonesia”
3. E2Pay Enables e-Commerce
3
E2Pay connects Issuers and Merchants to enable e-Commerce for
your Customers
Customers Merchants Issuers
Issuers are financial institutions: Banks and eWallets
Merchants are online merchants: Internet and Mobile-based
Customers from various issuers that want to make debit or credit card payments
4. Benefits to Merchants
4
E2Pay provides secure payment capabilities to Merchants
Access to reputable issuers from day one:
o Online debit from Banks and eWallets
o Credit card payment (Visa and Master Card)
Simple integration with E2Pay – E2Pay provides robust & scalable API interface, to enable quick and
reliable integration of merchant’s shopping cart with E2Pay
Provides support for the merchants:
o Technical support
o Post transactions support (e.g., reversals, charge-backs, incomplete transactions)
o Online reporting tools
o Administration with issuers, selection of issuers by merchants
Provides Fraud Management
Competitive rates
6. Benefits to Issuers
6
E2Pay enables e-Commerce for Issuers
Access to reputable merchants from day one:
o Fast integration with merchants – E2Pay will connect and integrate with merchants website
o Provides support for the merchants:
• Technical support
• Post transactions support (e.g., reversals, charge-backs, incomplete transactions)
• Reporting
o Administration with merchants, and selection of merchants by issuers
Reduces fraud risks considerably – with E2Pay Fraud Management with extensive fraud prevention
and checking
Increase brand image due to e-Commerce capability
Provides income to issuers
PCI DSS certified
7. Our Issuers
7
Existing
In progress and in discussion…
For 2013-2014, E2Pay targets to partner with Indonesian-based Banks and eWallets
8. Our Infrastructure Security
8
E2Pay uses eBanking grade infrastructure security
Infrastructure:
o E2Pay uses the same IT infrastructure that we use to serve multiple Banks for their Internet &
Mobile Banking services
o Audited periodically by reputable IT security auditors
o Firewall packet filtering and environment segmentation, Intrusion Prevention System (IPS),
Web Application Firewall (WAF), Anti Virus
o Access control system - physical safeguard, split data center room access (Development-UAT
and Production)
o Payment gateway is PCI DSS compliant
Interface with Merchants and Issuers:
o Encrypted data communication with 256-bit Secure Socket Layer (SSL)
o SHA1 digital signature verification
o Pre-determined Source & Target URLs
o Merchant re-query
Security management: policies and monitoring
9. Our Fraud Management
9
Charge-back due to fraud is the biggest challenge to e-Commerce. To fight
against fraud, E2Pay implements Fraud Management
Pre, During and Post Transaction Checking
Access Checks – access to E2Pay payment gateway is only allowed for pre-registered merchants and
merchant is allowed to re-query E2Pay to verify completed online transaction information
Transaction Limit – by IP address, email, credit card #, transaction value; by time frame
Merchant Limit – max value per transaction, by timeframe (daily, weekly, monthly)
Blacklist Database – by credit card #, IP address, email, user name
Whitelist Database – pre-registered credit card #. Usually for high risks merchants selling virtual goods
Frequency Check – no. of transactions/cards from the same IP address/email/user within a timeframe
Fraud Filters (Rule Based) – Bin Bank Filtering, IP address filtering, 3D-Complaint Card only, etc. Used
among other for geo-location (e.g., only accepts cards from Indonesia, reject high-risk countries, etc.)
Automated Fraud Scoring & Alerts, with 3rd party Fraud Scoring (Fraud Labs)
Fraud Monitoring – E2Pay staff checks same day & previous day transactions, and will alert
corresponding merchants & issuers when fraud is suspected
More detailed Fraud Management presentation and demo are available