The Green Sheet Online Edition
February 11, 2013 • Issue 13:02:01
Advanced breach protection
A number of merchants, enterprises and processors have uncovered a flaw within most first-generation tokenization solutions: the inability to support business evolution and growth without adding Payment Card Industry (PCI) Data Security Standard (DSS) compliance costs and requiring system upgrades. To solve the problem, Voltage Security Inc. developed Voltage Secure Stateless Tokenization (SST), a patent-pending data security technology that offers what Voltage believes is a more affordable approach for protection of payment card data.
Voltage SST is considered "stateless" because it eliminates the token database, a central element in most other tokenization solutions. Tokenization refers to the method whereby sensitive data, such as credit card numbers, are replaced with tokens. Voltage has devised a system that produces a unique, random token for each clear text primary account number (PAN) inputted, so that the end result bears no resemblance to the original PAN.
"The SST method is truly a paradigm shift in PAN tokenization," said Kennet Westby, President of Coalfire Inc., an independent information technology (IT) governance, risk and compliance firm. "Memory access is many thousands of times faster than disk access."
Westby added that by removing the database and practically eliminating disk input and output, performance is increased significantly over conventional tokenization solutions. "Typically, performance and security move in opposite directions, but not in this case," he said. "The overall security of the tokenization process is actually enhanced."
Because Voltage SST effectively removes storage of card data from the system, merchants are able to reduce their PCI DSS compliance costs. Voltage added that SST dramatically reduces the number of applications and systems that would ordinarily be considered "in-scope" for compliance assessments, which also reduces costs.
According to Voltage, SST technology is based upon published, proven academic research and standards and has been validated by independent experts, as well as by a top third-party Quality Security Assessor who published a report on the assessment. With Voltage SST technology, there are no software prerequisites, since the solution reportedly operates with virtually all languages and platforms and integrates with most existing IT environments.
SST is part of the Voltage SecureData Enterprise data security platform, which provides clients access to a single comprehensive solution for encryption, tokenization, data masking and key management to protect sensitive information enterprise-wide - regardless of where the business might be in its growth cycle, Voltage noted.
Features of Voltage Secure Stateless Tokenization include:
- Enterprise-wide payment card data protection
- Compatibility with most industry platforms
- Rapid deployment, usually within a few hours
- Data integrity for other system apps using tokens
- Reduced PCI compliance scope, cost, complexity
Voltage Security Inc.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.