Secure or Not Secure: Public Wi-Fi (Part 2, ePayments)

Secure or Not Secure?

(A Mini-Series)

Public Wi-Fi:  Part 2 (ePayments)

In our first article about the security of public Wi-Fi, we discussed generally the security of access points, encryption, and network registration.  Part two of the security of public Wi-Fi will focus more on personal security and user awareness, especially as it relates to conducting ePayment transactions on public Wi-Fi.

  1. What’s the difference between a secured and unsecured network? Secured networks will tend to have a number of different elements built into the environment. In the previous article, we discussed access points with network level encryption. Another question to ask is if a Network Access Control (NAC) solution is in place that governs admission to the network and enforces role-based access while a device is connected. Also, is there a firewall in place and how old is the network? Things like this play a crucial role in your security when accessing the network on your device as failure to encrypt connections, monitor/manage traffic on the network, and keep network hardware current create vulnerabilities.  If a user is in an unsecured network, their P.C. is more liable to be infiltrated or have its outgoing data transmissions monitored. Hackers could utilize any number of methods for obtaining information transmitted over the network or directly on other users’ machines depending on the sophistication of the hacker’s tools and skills.   
  1. Why is a PCI compliant site important for making ePayment transactions? Absolutely.  There are two different types of encryption:  (1) The encryption taking place between our server and the customers browser, and (2) The encryption taking place between a customer’s machine and say, a router on a local network.  Indeed, while being on a secure and encrypted network will benefit customers, using a PCI compliant site such as Xpress-pay protects ePayment information, regardless of the security of a network. 
  1. So, how does a PCI compliant site actually work to secure my ePayment transactions?  A PCI compliant site does benefit customers submitting credit card information through a tool like Xpress-pay, regardless of the network environment.
    1. TLS 1.2 protocol is required by the user’s browser in order to establish a connection to our servers. (TLS stands for “Transport Layer Security” protocol.)
    2. TLS 1.2 has been an industry standard now for several years with TLS 1.3 working its way into relevance since March of 2018. (TLS protocol is preferred over the former SSL – Secure Socket Layer protocol.)  Once the TLS 1.2 protocol is verified, an encrypted connection is opened between our servers and the customers machine. This makes it very difficult to hack a transmission.
    3. While certain tools, like a network sniffer, might enable someone monitoring the network traffic to see that a customer is on Xpress-pay, the actual encrypted connection between Xpress-pay and a customer would be extremely difficult to crack.

In conclusion, it is important to understand what type of security is offered when connecting to unknown networks, and never to assume that they are secure. Asking questions about the network security policy is always a good idea before you connect or simply assume that your connection is not secured. This can guide you in deciding which apps to utilize over any given network.  Using sites such as, which follow the stringent standards of PCI DSS, Level 1 Compliance when making payments online, help alleviate concerns as well as encrypt your ePayment information, regardless of the environment.

For more information, feel free to contact us anytime at: