Posted by Twigsby on 8/13/2020
Today, August 13, we’re announcing a new way to pay on iOS and Google Play: Epic direct payment. This is the same payment system that we use to process transactions on PC, Mac and Android for Fortnite and the Epic Games Store. We’ve been working hard to scale our eCommerce platform to support transactions for big events like Fortnite Season launches and the Epic Games Store Mega Sale, and we’re excited to bring the same trusted payment system to iOS and Google Play. In this blog you’ll find more behind-the-scenes details about our focus on security when it comes to transactions.
Hundreds of millions of players around the world have Epic accounts, and allowing all of our players to transact easily and securely is a top priority for Epic Games. Below are just a few ways we approach security with Epic direct payments to help keep your transactions safe.
The Payment Card Industry Data Security Standard (PCI-DSS) sets rigorous security requirements to prevent cardholder data loss as well as general requirements for the prevention, detection, and response to security incidents for all organizations accepting and/or processing payments. Epic Games’ eCommerce system has been PCI-DSS compliant since 2017. We were recently audited by RSI Security for PCI-DSS compliance as a Level 1 merchant and passed with no nonconformities in July of this year.
Epic Games utilizes Amazon Web Services (AWS) to create and maintain a secure Cardholder Data Environment (CDE) segmented from our other business assets and users. All transaction data is transmitted through encrypted channels based on TLS v1.2. Access to the CDE is limited to users who have a business need to know and have undergone security awareness training, including secure coding principles such as the Open Web Application Security Project (OWASP) secure coding guidelines. Furthermore, developers are trained to spot common vulnerabilities in code (OWASP Top Ten) and the associated prevention techniques. We never store your credit card number on our systems. Rather, your payment details are stored with the payment service provider, such as PayPal and Chase Payments.
The Epic Games security teams perform internal and external assessments and penetration tests of our infrastructure. These tests leverage a mixture of weekly vulnerability scans and adversarial penetration tests. Any issues discovered are remediated with the appropriate teams and verified by the security team.
In addition to our own internal security teams, Epic Games also has an active Bug Bounty program on HackerOne with over a hundred Security Researchers that test our systems for security bugs and vulnerabilities. Beyond our eCommerce systems, our Bug Bounty program also covers a wide range of Epic Games infrastructure. This list is constantly growing as our services continue to expand.
Today we are taking another big step, bringing the same Epic payment services which you are familiar with on PC to iOS and Google Play via Epic direct payments. If you already have a payment account saved with us on PC or Mac, the same account will be available on mobile for iOS and Android players using the App Store and Google Play. With our new mobile payments, we continue to hold ourselves to the highest eCommerce standards:
We want you to feel safe in all things you do in the Epic Games ecosystem, and that's why we are continuing to work hard to bring this payment option to you wherever you play on mobile. See the full list of territories we currently support with Epic direct payments. We will continue to grow our services to reach more people to provide additional trusted payment options for our players.
Thank you for playing with us!