Risk
12/19/2012
07:16 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Voltage Secure Stateless Tokenization Advances Data Security For Enterprises, Merchants, And Payment Processors

Voltage SST technology is offered as part of the Voltage SecureData Enterprise data security platform

Cupertino, California – December 18, 2012 – Voltage Security®, the world leader in data-centric encryption and key management, today announced the general availability of Voltage Secure Stateless Tokenization™ (SST) technology, an advanced, patent-pending data security solution that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data, with significant Payment Card Industry Data Security Standard (PCI DSS) audit scope reduction. Voltage SST technology is offered as part of the Voltage SecureData™ Enterprise data security platform that unites market-leading encryption, tokenization, data masking and key management to protect sensitive corporate information in a single comprehensive solution. Voltage SST technology is deployed and in use with customers leading in payment card processing, retail, financial services and airline industries.

Tokenization, which is used as a way of replacing sensitive data like credit card numbers with non-sensitive substitute values, is one of the data protection and audit scope reduction methods recommended by the PCI DSS. Enterprise users, merchants and processors, however, are facing new and mounting compliance costs and complexities as they discover that conventional, first-generation tokenization solutions aren’t able to support business evolution and growth.

Voltage SST technology solves this problem by eliminating the need for a token database, which has been a central element in tokenization solutions. It also removes the need to store sensitive data. The end result is that it substantially decreases PCI DSS compliance costs and complexities, and dramatically reduces the number of applications and systems that would be considered “in-scope” for compliance assessments. This approach can help companies free substantial IT and compliance budget for other spending priorities.

By eliminating token databases and the need to store sensitive cardholder data, the Voltage SST solution also reduces risk of breach. “The SST method is truly a paradigm shift in PAN tokenization,” says Kennet Westby, president of Coalfire, Inc., a leading independent IT Governance, Risk and Compliance firm. “Memory access is many thousands of times faster than disk access. By removing the database and practically eliminating disk I/O, performance is increased dramatically over conventional tokenization solutions. Typically, performance and security move in opposite directions, but not in this case. The overall security of the tokenization process is actually enhanced.”

Voltage SST technology is based upon published and proven academic research and standards, and validated by independent experts. In addition, the solution has been validated by a top third-party Quality Security Assessor (QSA) with a published report on the assessment.

“Secure Stateless Tokenization from Voltage is significantly reducing our PCI compliance scope and making our IT operations much easier to manage,” said Alex Belgard, CISSP, information security engineer, Crutchfield Corporation. “For example, within our network of several hundred servers, we anticipate scope reduction of more than 90 percent.”

Belgard continued: “The deciding factor was the industry assurance that Voltage SST data security is a sound, proven solution; that’s where the published security proofs and third party validation made a decisive difference. And then, once the final decision was made, configuring the SST solution for our production environment was very simple and straightforward, taking less than a day.”

For transaction processors (including payment switches, tokenization service providers, and card issuers), Voltage SST technology delivers a secure, high-performance solution that meets carrier- and payment processor-grade high availability requirements. In addition, the SST technology provides 100% data consistency, and scales linearly so that processors can generate hundreds of millions of tokens to represent card numbers for internal use or to provide tokenization services to merchants.

With Voltage SST technology there are no software prerequisites. The solution works with virtually all languages and platforms, easily integrating into existing IT environments, including mainframe and mid-range.

On the scalability of tokenization solutions and data integrity, Gartner’s Avivah Litan advises: “Enterprises with large-scale or decentralized operations will want to choose vendors that can properly support their operations. Not all vendors…are equal when it comes to their ability to scale. For example, some can easily support small one-site operations with one merchant account, but cannot support national chain stores with multiple merchant accounts. Similarly some can support tokenization software for a small localized application, but cannot support a distributed global environment with multiple regional applications, and ensure that the same payment card number always generates the same token number. Before choosing a vendor, check at least two or three production customer references with environments similar to yours.” (Gartner Research Note G00237375, 2 August 2012)

For more information about Voltage Secure Stateless Tokenization technology and the Voltage SecureData Enterprise platform, contact the company at info@voltage.com.

About Voltage Security Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption and key management solutions, enabling customers to effectively combat new and emerging security threats. Powered by ground-breaking encryption innovations, including Identity-Based Encryption™ (IBE), Format-Preserving Encryption™ (FPE), and Page-Integrated Encryption™ (PIE), our powerful data protection solutions allow any company to seamlessly secure all types of sensitive corporate and customer information, wherever it resides, while efficiently meeting regulatory compliance and privacy requirements. For more information, please visit www.voltage.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.