Voltage SecureData™ Payments

Protecting cardholder data with End-to-End Encryption

Voltage SecureData Payments provides complete end-to-end encryption for payment data for authorisation, settlement, and beyond, while eliminating the traditional headaches of key injection, key rotation, and key management – at dramatically lower cost

The Challenge - Critical endpoints of payment stream must be protected

In today’s environment of heightened regulatory requirements and the risk of cardholder data breach at all points in the payment stream it is critical for merchants, processors, and acquirers to protect credit card data at rest and in transit within their environments.

In most existing payment systems, credit card data is left unprotected during the authorisation and settlement. At the back end of the payment stream, cardholder data is often left unprotected during routine business processes such as processing for loyalty programs, charge-backs or repetitive payments.
It is important to select a solution that is effective, compliant with best practices, and affordable.  .

The Answer - Voltage SecureData Payments Extends Protection, Simplifies Key Management

All too often data breaches happen when card holder data is left unprotected at these critical endpoints of the payment stream. With Voltage SecureData Payments, cardholder data is protected at these endpoints and as it flows throughout the payment stream. Voltage SecureData Payments eliminates the traditional complexities associated with payment device key injection, key management and payment application changes, and enables a true end-to-end architecture that can be rapidly deployed - even in the most complex environments.

Reducing PCI Audit Cost and Data Breach Risk

  • Audit Cost: enabling Voltage SecureData within a merchant environment can reduce the cost of PCI Audits – a direct result of reducing the number of changes necessary to underlying databases and applications. Built-in PCI ready reports make the Audit process simple.
  • Risk: Voltage SecureData protects cardholder data directly – no matter where that information is stored, transmitted or used. Along with sound internal controls, using Voltage SecureData means that despite data breach attempts no sensitive information can be used for fraudulent purposes – reducing the risks associated with data breaches.

Innovation in cryptography provides end-to-end encryption without massive Merchant IT system changes
Voltage SecureData Payments is a complete payments transaction security platform that is built on two breakthrough technologies encompassing encryption and key management:  Format-Preserving EncryptionTM and Identity-Based-EncryptionTM.  These two technologies combine to provide a unique architecture that addresses the complexity of high transaction retail environments.

 

FPE

Using Format-Preserving Encryption (FPE),Voltage SecureData maintains data format and eliminates business process changes.

Encryption that just works - Format-Preserving Encryption™

With Voltage Format-Preserving Encryption (FPE), credit card numbers and other types of structured information are protected without the need to change format or structure. In addition, data properties are maintained, such as a checksum, and portions of the data can remain in the clear. This aids in preserving existing processes such as bin routing or last 4 digits of the card.


Simplified Key Management - Identity-Based Encryption™

Identity-Based-EncryptionTM, or IBE, is a breakthrough in key management that eliminates the complexity of traditional Public Key Infrastructure (PKI) systems and symmetric key systems like DUKPT.  In other words, no digital certificates or keys are required to be exchanged by the sender and the recipient.

  • Stateless Operation - No Key Injection:

With POS solutions that use legacy symmetric encryption, encryption keys should be reset annually for each POS device through a process called key injection. This procedure is expensive and cumbersome as merchants must take POS devices offline and ship them back to a secure facility.
With Voltage SecureData Payments, because encryption keys are securely generated on demand and not stored, POS devices are not subject to key injection and key rotation happens systematically – eliminating labor-intensive processes and costs.

Voltage SecureData Payments Compatibility with Host Systems and Wide Variety of POS Platforms

  • Robust Host Side Capabilities and Broad Platform Support:
    Voltage SecureData can be deployed on a wide variety of platforms including Mainframe, Mid-range, HP Nonstop, Windows, Linux, UNIX, Stratus, Teradata and z/OS.
  • Multiple Integration Options: Processors and Merchants can choose to integrate using SDK’s, web services, and/or command line tools for quick and simple deployment. End-to-End Encryption can easily be combined with Tokenisation to provide Merchants with complete choice in reducing PCI Audit scope.
  • Integrated POS Systems: Voltage SecureData Payments POS SDK integrates easily into a variety of POS Devices and POS platforms.  Voltage SecureData Payments can also support newer devices with Tamper Resistant Security Modules (TSRMs).
    For a complete list of payment terminal partners visit www.voltage.com/partners.

How Secure is Secure?

To ensure compliance to VISA and PCI DSS best practices and requirements, Cryptographic Assurance Services, LLC (CAS), a leader in cryptographic compliance consulting, has conducted an independent security review and verified that Format-Preserving Encryption conforms with the complete list of Visa’s global industry best practices for data field encryption. The independent security review concludes that Voltage FPE, as implemented in the form of the AES mode FFX3, meets the compliance criteria for PCI DSS encryption requirements and for Visa’s Data Field Encryption recommendations. For more information see: http://www.voltage.com/qsa