Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/28/2011
07:32 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Voltage Rolls Out Page-Integrated Encryption For Protecting Credit Card Numbers

PIE is particularly useful for e-commerce and other cloud-based applications that use confidential personal information

From the Visa Security Summit in Washington D.C.—April 27, 2011–- Voltage Security, a global leader in enterprise and payment card data protection inside and outside the cloud, today announced a new encryption breakthrough for protecting personal data entered by consumers on web pages called PIE for Page-Integrated Encryption™. The company also announced Voltage SecureData Web™, a new enterprise-class data protection solution that uses the PIE encryption protocol, designed for e-commerce merchants struggling with protecting PAN (primary account number) data exchanged in web-based transactions and reducing PCI DSS audit scope in web applications and infrastructure.

“We are the only vendor to have a comprehensive payments security solution both for card-present and now e-commerce, via end-to-end encryption, tokenization and data masking,” said Mark Bower, vice president of Product Management for Voltage Security. “For the first time, merchants can retain total control of their customer experience in the important payment capture process, without having cardholder data present in their ecosystem or key management worries--reducing risk and PCI compliance cost in the process.”

PIE is particularly useful for e-commerce and other cloud-based applications that use confidential personal information such as credit card numbers, social security numbers and the like. It leverages the patented Voltage Format-Preserving Encryption™, which ensures that data retains its format and semantics upon encryption, this means minimal changes to existing systems resulting in overall lowered costs for protecting data end-to-end.

E-Commerce Merchants Remain Vulnerable

As growth in online retailing continues, e-commerce merchants also continue to be vulnerable to data breach risks across their network and application infrastructure. Studies show global e-commerce is growing by more than 19% per year worldwide, and retail web sales are predicted to reach nearly $1 trillion by 2013. At the same time, 13% of web hacking cases in 2010 were related to criminals seeking to steal consumer financial and identity data from e-commerce web sites.**

“Voltage is giving e-commerce merchants a better perimeter than they’ve had before,” commented George Peabody, director, Emerging Technology Advisory Services, Mercator Advisory Group. “There are no silver bullets in payments security, but this is a much-needed step forward for the industry.”

“The rapid adoption of cloud computing and mobile applications is compounding data protection problems,” said Judith Hurwitz, president and CEO of Hurwitz & Associates. “Business boundaries no longer exist and a lack of transparency compounds security risks for companies.”

The new Voltage solution, Voltage SecureData Web, is targeted to e-commerce merchants who struggle with keeping PAN data confidential and reducing the PCI DSS audit scope.

Another Encryption Breakthrough

PIE represents the cumulative efforts of Voltage’s extensive research and presence in the payments industry. It adds to the prior cryptographic breakthroughs commercialized by Voltage including: IBE, Voltage Identity-Based Encryption™, which is widely recognized as the next generation of public key cryptography and is the foundation of Voltage SecureMail, now the world’s leading email encryption solution; FPE, Format-Preserving Encryption™, provides a simple and effective way to protect data in applications and databases with minimal change impact to existing infrastructure, and powers Voltage SecureData and Voltage SecureData Payments, the most comprehensive solution for end-to-end and point-to-point encryption in the payments industry; and now, PIE, a simple but effective way to protect browser-exchanged sensitive data and keep merchants out of PCI audit scope.

Voltage recently called for new measures to protect consumers from wide-ranging data breaches in this piece, “The Epsilon Hack Attack: Time for ‘SOX’ for Consumer?”

More Information and Availability

Voltage SecureData Web is in pilot deployment with leading payment providers and will be available for general delivery in summer 2011. For more information and to sign up for an online overview, please visit http://www.voltage.com/solutions/ecommerce.

About Voltage Security

Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in enterprise data protection for data residing both inside and outside the cloud. Voltage solutions provide cloud-scale encryption and simplified key management for protecting sensitive information wherever it is stored and processed, on-premise or in private and public clouds. Voltage solutions are in use at almost 1,000 enterprise customers, including some of the world’s leading brand-name companies in payments, banking, retail, insurance, energy, healthcare and government.

Voltage solutions reduce the risks associated with theft of sensitive and private information, support privacy guidelines including PCI DSS, HITECH, U.S. Data Breach Disclosure laws and European Data Privacy directives, and uniquely provide security of data coupled with unmatched usability which results in significantly lowered total cost of ownership.

Harnessing award-winning cryptography and key management, including Voltage Identity-Based Encryption™ (IBE) and a breakthrough innovation in data usability, Format-Preserving Encryption™ (FPE), Voltage solutions have changed how enterprises protect their most valuable asset, their customer data. Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and Voltage Cloud Services™ which provides cloud scale encryption and key management for businesses, partners and their customers. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...
CVE-2021-22866
PUBLISHED: 2021-05-14
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App o...
CVE-2021-27737
PUBLISHED: 2021-05-14
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
CVE-2021-32054
PUBLISHED: 2021-05-14
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.