Voltage Security Inc., an enterprise security company, calls itself a global leader in next-generation information encryption derived from breakthrough research in mathematics and cryptographic systems. Voltage's end-to-end encryption (E2EE), tokenization, data masking and stateless key management solutions deliver data-centric security that travels with the data itself.
Voltage said over 850 enterprise-class customers in retail, banking, insurance, energy, health care and government use its services. The company boasts that it became the first E2EE vendor to forge alliances with three of the five largest U.S. payment processors, which include Heartland Payment Systems Inc., Fifth Third Processing Solutions LLC, and Elavon Inc. Its email encryption technology is currently being deployed by Microsoft Corp., Proofpoint Inc. and Sendmail Inc., among others.
The original concept for Voltage evolved from a collaboration among cryptography faculty from Stanford University, as well as U.C. Davis and Stanford students. The team proposed a new method for streamlining the process of securing data transmitted via email. Voltage said the students' plan placed first in the annual Stanford BASES business plan competition and went on to win an international competition for collegiate entrepreneurs.
Spurred by interest in the email encryption technology, members of the academic team sought funding for the project, and in 2002 Voltage was born. Voltage shipped its first product in 2003. Today, prominent experts in the cryptographic community continue to play an important role as advisers to the company.
"The first application of Voltage was around email - so data and movement," stated Doug Dwyre, Vice President of Business Development at Voltage. "Then we quickly migrated into solutions for databases and applications - so data-at-rest and static data. Putting those two together made it logical to secure payments and provide a solution for acquirers, processors and merchants where they could secure data in movement, such as end-to-end encryption, as well as stored data."
Wasim Ahmad, Vice President of Marketing at Voltage, added, "We were able to combine the technology into a solution that protects information from the point the card is swiped through to card brand hand-off and anywhere information is stored in a merchant's IT system. Part of that is protecting the credit card, and part of that is how to make sure the right people who need to process it can access it without a constant cycle of encryption and decryption."
According to Ahmad, when sensitive data is repeatedly encrypted and decrypted during payment processing or for other purposes, it creates potential exposure points in network systems that can be exploited by cyber criminals. Voltage has several patented security features built into its encryption technologies that eliminate such exposure.
Working with a single-source data security provider, such as Voltage, Payment Card Industry (PCI) Data Security Standard (DSS) compliance for most merchants can be simplified. According to Dwyre, one of Voltage's big attractions is that merchants don't need to implement separate "point solutions" for implementing E2EE and securing databases and applications. Voltage technology secures data at all points, whether the data is at rest, in transit or in use, he said.
Voltage SecureData enterprise solution for data encryption, de-identification and masking ensures E2EE protection as data is collected, used, stored and distributed, even to less controlled environments, including testing and development platforms, regardless of infrastructure or application format requirements. Integrating an enterprise solution reduces PCI audit scope, as well as the costs associated with deployment and maintenance of privacy compliance, Voltage reported.
A primary objective for Voltage cryptographers was to develop an encryption method that would minimize systemwide impacts of encryption on data structures, schemes and applications. Dwyre said, "If you're familiar with other forms of encryption, many times you may be getting 16 numeric digits, and what may be coming out could be well over a hundred alphanumeric digits. So you can understand how difficult that is to implement into a very large database."
The company said its Voltage Format-Preserving Encryption, a mode of the Advanced Encryption Standard, encrypts data while preserving its original format and without sacrificing encryption strength. Typically, only the trusted applications that need to see clear data require one or two lines of code, minimizing impacts to network systems, Voltage said.
Another proprietary feature in the Voltage arsenal is Identity-Based Encryption, which allows unstructured data to be secured and distributed without having to issue encryption keys for every endpoint. Voltage's stateless key management system automates the process, "allowing the key to be derived and generated within the device, so there is no communication to a host in order to get that key rotated," Dwyre said. Key rotation can be set to occur at scheduled intervals.
Voltage also protects data in underlying systems, databases and applications. For merchants with recurring payments or billing, or even loyalty applications, Voltage technology encrypts at the lowest possible level: the data itself. According to Dwyre, other encryption systems put a wrapper around the database or application, which exposes the underlying data. For Voltage users, once the technology is implemented, it doesn't interfere with normal day-to-day operations, Dwyre said. The ease of implementation and system maintenance are key advantages, he added.
With the May 2010 launch of Heartland's E3-enabled terminal for small and mid-sized merchants, Dwyre predicts widespread merchant adoption ahead for Voltage's integrated POS technology solutions. By June, Heartland had deployed E3-enabled terminals in 118 merchant categories. Voltage has open license agreements with gateways, value-added resellers, hardware manufacturers and software developers, and it charges a fee for its connector licenses.
Steve Elefant, Chief Information Officer for Heartland, stated, "We have 250,000 merchants, and we want to get as many of those as possible using our E3 solution. There's a whole series of devices that we're releasing, including an E3 magnetic stripe reader, the first of this type of product that has a tamper-resistant security module built into the magnetic stripe reader wedge.
"We also chose Voltage as a long-term enterprise solution, so we've not only deployed it in our POS terminals, but we've deployed it in our email, as well as our systems for SecureData, SecureFile and for securing our BlackBerry servers. It's an enterprise encryption solution that we're using throughout the company."
Elavon was also interested in Voltage's back-end capabilities to secure data when it's moving from application to application or database to database. "It's stateless," Dwyre said. "They can move it around, and it stays encrypted and protected no matter what application they're looking at, whether it's a chargeback employee with Elavon who's viewing it, a customer service representative or someone who's boarding an account. Across the board, the information is secure."
For Hypercom, true E2EE - versus point-to-point encryption - was critical. The company now deploys Voltage across its entire product line. Stuart Taylor, Vice President of Marketing at Hypercom, said, "The key management and format-preserving components from Voltage were important to us. E2E encryption is about protecting the whole cardholder data for the lifecycle of that data. Voltage delivers truly enhanced encryption as opposed to just pure point to point."
Taylor added that in selecting Voltage, Hypercom looked at the company and "decided that their technology was excellent for a number of different scenarios. We have a lot of security drivers built into our ISO terminals that the Voltage technology very neatly integrates with, and we believe it gives us a collective edge."
Voltage offerings also include Voltage SecureData protection for sensitive customer and partner information within databases and applications; SecureFile document and file protection; SecureMail for email, files and documents transmitted internally and externally; SecureMail Network, an on-demand service; Voltage Key Management Server for automated key management; and Voltage Security Network's on-demand managed services for larger networks.
"When we engage an ISO, especially a larger ISO, we work with their organization to develop a marketing and core distribution strategy," said Drew Soinski, Vice President, Payments at Voltage. "We provide marketing collateral that can be branded with their logo. Our support mechanisms are second to none."
ISOs and merchant level salespeople interested in selling Voltage-enabled POS systems may contact any of the Voltage payment partners listed on the company's website or contact Voltage to implement a program with an unlisted payment processor. For merchants requiring a system to protect data across the entire business environment, Voltage believes its solutions will provide the desired jolt.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
E. Drew Soinski
Vice President, Payments
4005 Miranda Ave., Suite 210
Palo Alto, CA 94304
Company Profile originally appeared in
The Green Sheet Issue 100801
220601 - Nationwide Payment Systems
211102 - Kalamata Capital Group
210701 - Choice Merchant Solutions
200601 - Delta Payment Solutions
190802 - Credit.net, a division of Infogroup
190702 - Samsung Electronics America Inc.
181201 - Network Merchants LLC
180902 - MainStream Merchant Services Inc.
180801 - Century Business Solutions
180502 - Priority Payment Systems Northeast
180501 - Merchant e-Solutions Inc.
180301 - Wirecard North America
180201 - Sysnet Global Solutions Ltd.
171202 - Secure Cryptopayments
171002 - National Benefit Programs LLC
170902 - Frates Insurance & Risk Management
170901 - DCS Holdings Group LLC
170802 - Apogee Payment Systems LLC
170702 - Active Software & Hardware Systems
170701 - Veratad Technologies LLC
170502 - Frontline Processing Corp.
170501 - Platinum Choice Bancard LLC
170201 - Electronic Payments Inc.
161202 - International Bancard Corp.
161201 - CSR Professional Services Inc
161102 - Digitzs Solutions Inc.
161101 - Residual Sheriff LLC.
160801 - DigiPay: Solutions Inc
160702 - CreditCardProcessing.com
160201 - Lead Tracking Systems LLC
151202 - Benseron Information Technologies Inc.
151201 - CardWare International Inc
151101 - Lion Capital Group LLC
150801 - Topcreditcardprocessors.com
150702 - Vision Payment Solutions LLC
150601 - Conformance Technologies
150502 - Global Processing Systems
150402 - Mercantile Processing Inc.
150401 - Field Guide Enterprises
150302 - Signature Card Services
150301 - Premier Payment Systems Inc.
150201 - Humboldt Merchant Services
150102 - Expansion Capital Group LLC
141102 - National Merchants Association
141001 - Instant Credit Manager
140902 - Merchant Cash and Capital LLC
140701 - National Transaction Corporation (NTC)
140601 - Total Merchant Services
140501 - Nationwide Payment Solutions
140501 - BPC Banking Technologies
140301 - Meritus Payment Solutions
140201 - Process Pink Payments LLC
131202 - First American Payment Systems L.P.
131102 - Evo Payments International LLC
131001 - Live Reps Call Center
130901 - Regal Payment Systems LLC
130901 - The Merchant Solutions
130802 - North American Bancard LLC
130801 - Payment Logistics LLC
130702 - Plug n Pay Technologies Inc.
130601 - U.S. Merchant Systems LLC
130402 - National Processing Co.
130202 - Charge Card Systems Inc.
130202 - Layered Technologies Inc.
130102 - Glazer_Kennedy Insiders Circle LLC
121202 - American Microloan LLC
121102 - Keep in Touch Systems Inc.
121102 - Merchants Choice Payment Solutions
121002 - Washington Bancard Merchant Services LLC
120902 - Central Payment Co. LLC
120802 - Royal Merchant Holdings LLC
120801 - National Benefit Programs LLC
120602 - Cardinal Commerce Corp.
120601 - Veritrans Merchant Services LLC
120502 - ExecuTech Lease Group
120502 - The Small Business Authority
120402 - Chargeback Guardian Inc.
120401 - Electronic Payment Exchange
120301 - Complete Merchant Solutions LLC
120201 - CSR - Compliance Solutions and Resources
120102 - Alpha Card Services Inc.
111002 - Lead Source Call Center
111001 - First Annapolis Consulting Inc.
110902 - Point of Sale System Services Inc.
110901 - Sage Payment Solutions
110801 - Century Payments Inc.
110702 - Creative Vision Studio LLC
110702 - Network Merchants Inc.
110701 - Capital Access Network Inc.
110602 - eProcessing Network LLC
110602 - Moneris Solutions Inc.
110502 - Paragon Application Systems Inc.
110401 - Merchant Implementation Services
110301 - FrontStream Payments Inc.
101202 - CheckAlt Payment Solutions
101102 - Impact Payments Recruiting
101101 - Global Electronic Technology Inc.
101002 - TriSource Solutions LLC
100802 - Federated Payment Systems LLC
100801 - Voltage Security Inc.
100601 - NETSURION (formerly Vendor Safe Technologies)
100502 - Transaction Network Services Inc.
100402 - Secure Payment Systems Inc.
100401 - Elite Merchant Solutions
100302 - Retail Decisions Inc.
100102 - Payment Alliance International
091201 - Performance Training Systems Bankcard Boot Camp
091101 - Merchant e-Solutions Inc.
091002 - Whitehall Capital Advisors LLC
090901 - CoCard Marketing Group LLC
090801 - First National Merchant Solutions
090701 - checXchange Money Transfer Systems Inc.
090601 - Sterling Payment Technologies
090502 - Infinity Payment Systems
090501 - Merchant Cash and Capital
090401 - UseMyBank Services Inc.
090401 - Data Delivery Services Inc.
090302 - Velocity Merchant Services
090302 - Metro Merchant Services
090301 - Smart Transaction Systems Inc.
090301 - DCC Merchant Services USA LLC
090202 - TransFirst Holdings Inc.
090201 - ACH Payment Solutions
081202 - Affirmative Technologies Inc.
081201 - On-line Strategies Inc.
081101 - Vision Payment Solutions LLC
081002 - Veratad Technologies LLC
081001 - International Merchant Solutions LLC
080801 - GreenSoft Solutions Inc.
080702 - Smart Circle International
080601 - International Bancard Corp.
080502 - DRG Telemarketing Inc.
080501 - BCC Merchant Solutions
080402 - U.S. Merchant Systems
080401 - Greystone Business Resources Corp.
080302 - Transmedia Payment Services Ltd.
080102 - Sonoma Technical Support Services
071202 - Barclay Square Leasing Inc.
071102 - FirstView Financial LLC
071001 - Sage Payment Solutions
070902 - YourTownMall Business
070901 - Nxgen Payment Services
070802 - All card Processing-AAMonte-USA
070801 - Money Movers of America Inc.
070602 - Central Point Resources Inc.
070601 - Positive Feedback Software LLC
070502 - Premier Payment Systems
070501 - Amacai Information Corp.
070402 - National Bankcard Systems