ProPay Inc. has devised a payment system that encrypts sensitive cardholder data throughout the entire time it travels to the processor, the Orem, Utah-based independent sales organization says. Often, transaction data may enter the processing loop unencrypted to be encrypted later or be stored on a merchant's payment terminal. With ProPay's ProtectPay system, transaction data is encrypted from the outset of the transaction, Mark Johnson, ProPay chief information officer, tells CardLine sister publication ISO&Agent Weekly. The transaction is not unencrypted until it is inside the processor's network, which requires unencrypted data to complete the transaction, Johnson says. A couple of undisclosed merchants are using the system, ProPay says. ProtectPay had been in early testing since last summer. In an example of an e-commerce merchant using ProtectPay, Johnson says a consumer typing in a credit card number online actually is using a part of the merchant's site that ProPay developed to encrypt the data. From there, the data move encrypted to ProPay, which sends the encrypted information to a payment gateway for routing to the appropriate processor, which decrypts the data. ProtectPay encrypts the transaction data again as ProPay sends the authorization response to the merchant. The process is similar for card-present merchants, but they also can use an encrypting card reader that ProPay sells. More than 4,000 ProPay merchant clients use the secure reader, Johnson says. Merchants in either case benefit because they no longer store sensitive cardholder data, Johnson says. Instead, ProPay stores that information.