Risk
12/19/2012
07:16 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Voltage Secure Stateless Tokenization Advances Data Security For Enterprises, Merchants, And Payment Processors

Voltage SST technology is offered as part of the Voltage SecureData Enterprise data security platform

Cupertino, California – December 18, 2012 – Voltage Security®, the world leader in data-centric encryption and key management, today announced the general availability of Voltage Secure Stateless Tokenization™ (SST) technology, an advanced, patent-pending data security solution that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data, with significant Payment Card Industry Data Security Standard (PCI DSS) audit scope reduction. Voltage SST technology is offered as part of the Voltage SecureData™ Enterprise data security platform that unites market-leading encryption, tokenization, data masking and key management to protect sensitive corporate information in a single comprehensive solution. Voltage SST technology is deployed and in use with customers leading in payment card processing, retail, financial services and airline industries.

Tokenization, which is used as a way of replacing sensitive data like credit card numbers with non-sensitive substitute values, is one of the data protection and audit scope reduction methods recommended by the PCI DSS. Enterprise users, merchants and processors, however, are facing new and mounting compliance costs and complexities as they discover that conventional, first-generation tokenization solutions aren’t able to support business evolution and growth.

Voltage SST technology solves this problem by eliminating the need for a token database, which has been a central element in tokenization solutions. It also removes the need to store sensitive data. The end result is that it substantially decreases PCI DSS compliance costs and complexities, and dramatically reduces the number of applications and systems that would be considered “in-scope” for compliance assessments. This approach can help companies free substantial IT and compliance budget for other spending priorities.

By eliminating token databases and the need to store sensitive cardholder data, the Voltage SST solution also reduces risk of breach. “The SST method is truly a paradigm shift in PAN tokenization,” says Kennet Westby, president of Coalfire, Inc., a leading independent IT Governance, Risk and Compliance firm. “Memory access is many thousands of times faster than disk access. By removing the database and practically eliminating disk I/O, performance is increased dramatically over conventional tokenization solutions. Typically, performance and security move in opposite directions, but not in this case. The overall security of the tokenization process is actually enhanced.”

Voltage SST technology is based upon published and proven academic research and standards, and validated by independent experts. In addition, the solution has been validated by a top third-party Quality Security Assessor (QSA) with a published report on the assessment.

“Secure Stateless Tokenization from Voltage is significantly reducing our PCI compliance scope and making our IT operations much easier to manage,” said Alex Belgard, CISSP, information security engineer, Crutchfield Corporation. “For example, within our network of several hundred servers, we anticipate scope reduction of more than 90 percent.”

Belgard continued: “The deciding factor was the industry assurance that Voltage SST data security is a sound, proven solution; that’s where the published security proofs and third party validation made a decisive difference. And then, once the final decision was made, configuring the SST solution for our production environment was very simple and straightforward, taking less than a day.”

For transaction processors (including payment switches, tokenization service providers, and card issuers), Voltage SST technology delivers a secure, high-performance solution that meets carrier- and payment processor-grade high availability requirements. In addition, the SST technology provides 100% data consistency, and scales linearly so that processors can generate hundreds of millions of tokens to represent card numbers for internal use or to provide tokenization services to merchants.

With Voltage SST technology there are no software prerequisites. The solution works with virtually all languages and platforms, easily integrating into existing IT environments, including mainframe and mid-range.

On the scalability of tokenization solutions and data integrity, Gartner’s Avivah Litan advises: “Enterprises with large-scale or decentralized operations will want to choose vendors that can properly support their operations. Not all vendors…are equal when it comes to their ability to scale. For example, some can easily support small one-site operations with one merchant account, but cannot support national chain stores with multiple merchant accounts. Similarly some can support tokenization software for a small localized application, but cannot support a distributed global environment with multiple regional applications, and ensure that the same payment card number always generates the same token number. Before choosing a vendor, check at least two or three production customer references with environments similar to yours.” (Gartner Research Note G00237375, 2 August 2012)

For more information about Voltage Secure Stateless Tokenization technology and the Voltage SecureData Enterprise platform, contact the company at info@voltage.com.

About Voltage Security Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption and key management solutions, enabling customers to effectively combat new and emerging security threats. Powered by ground-breaking encryption innovations, including Identity-Based Encryption™ (IBE), Format-Preserving Encryption™ (FPE), and Page-Integrated Encryption™ (PIE), our powerful data protection solutions allow any company to seamlessly secure all types of sensitive corporate and customer information, wherever it resides, while efficiently meeting regulatory compliance and privacy requirements. For more information, please visit www.voltage.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.