Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/28/2011
07:32 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Voltage Rolls Out Page-Integrated Encryption For Protecting Credit Card Numbers

PIE is particularly useful for e-commerce and other cloud-based applications that use confidential personal information

From the Visa Security Summit in Washington D.C.—April 27, 2011–- Voltage Security, a global leader in enterprise and payment card data protection inside and outside the cloud, today announced a new encryption breakthrough for protecting personal data entered by consumers on web pages called PIE for Page-Integrated Encryption™. The company also announced Voltage SecureData Web™, a new enterprise-class data protection solution that uses the PIE encryption protocol, designed for e-commerce merchants struggling with protecting PAN (primary account number) data exchanged in web-based transactions and reducing PCI DSS audit scope in web applications and infrastructure.

“We are the only vendor to have a comprehensive payments security solution both for card-present and now e-commerce, via end-to-end encryption, tokenization and data masking,” said Mark Bower, vice president of Product Management for Voltage Security. “For the first time, merchants can retain total control of their customer experience in the important payment capture process, without having cardholder data present in their ecosystem or key management worries--reducing risk and PCI compliance cost in the process.”

PIE is particularly useful for e-commerce and other cloud-based applications that use confidential personal information such as credit card numbers, social security numbers and the like. It leverages the patented Voltage Format-Preserving Encryption™, which ensures that data retains its format and semantics upon encryption, this means minimal changes to existing systems resulting in overall lowered costs for protecting data end-to-end.

E-Commerce Merchants Remain Vulnerable

As growth in online retailing continues, e-commerce merchants also continue to be vulnerable to data breach risks across their network and application infrastructure. Studies show global e-commerce is growing by more than 19% per year worldwide, and retail web sales are predicted to reach nearly $1 trillion by 2013. At the same time, 13% of web hacking cases in 2010 were related to criminals seeking to steal consumer financial and identity data from e-commerce web sites.**

“Voltage is giving e-commerce merchants a better perimeter than they’ve had before,” commented George Peabody, director, Emerging Technology Advisory Services, Mercator Advisory Group. “There are no silver bullets in payments security, but this is a much-needed step forward for the industry.”

“The rapid adoption of cloud computing and mobile applications is compounding data protection problems,” said Judith Hurwitz, president and CEO of Hurwitz & Associates. “Business boundaries no longer exist and a lack of transparency compounds security risks for companies.”

The new Voltage solution, Voltage SecureData Web, is targeted to e-commerce merchants who struggle with keeping PAN data confidential and reducing the PCI DSS audit scope.

Another Encryption Breakthrough

PIE represents the cumulative efforts of Voltage’s extensive research and presence in the payments industry. It adds to the prior cryptographic breakthroughs commercialized by Voltage including: IBE, Voltage Identity-Based Encryption™, which is widely recognized as the next generation of public key cryptography and is the foundation of Voltage SecureMail, now the world’s leading email encryption solution; FPE, Format-Preserving Encryption™, provides a simple and effective way to protect data in applications and databases with minimal change impact to existing infrastructure, and powers Voltage SecureData and Voltage SecureData Payments, the most comprehensive solution for end-to-end and point-to-point encryption in the payments industry; and now, PIE, a simple but effective way to protect browser-exchanged sensitive data and keep merchants out of PCI audit scope.

Voltage recently called for new measures to protect consumers from wide-ranging data breaches in this piece, “The Epsilon Hack Attack: Time for ‘SOX’ for Consumer?”

More Information and Availability

Voltage SecureData Web is in pilot deployment with leading payment providers and will be available for general delivery in summer 2011. For more information and to sign up for an online overview, please visit http://www.voltage.com/solutions/ecommerce.

About Voltage Security

Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in enterprise data protection for data residing both inside and outside the cloud. Voltage solutions provide cloud-scale encryption and simplified key management for protecting sensitive information wherever it is stored and processed, on-premise or in private and public clouds. Voltage solutions are in use at almost 1,000 enterprise customers, including some of the world’s leading brand-name companies in payments, banking, retail, insurance, energy, healthcare and government.

Voltage solutions reduce the risks associated with theft of sensitive and private information, support privacy guidelines including PCI DSS, HITECH, U.S. Data Breach Disclosure laws and European Data Privacy directives, and uniquely provide security of data coupled with unmatched usability which results in significantly lowered total cost of ownership.

Harnessing award-winning cryptography and key management, including Voltage Identity-Based Encryption™ (IBE) and a breakthrough innovation in data usability, Format-Preserving Encryption™ (FPE), Voltage solutions have changed how enterprises protect their most valuable asset, their customer data. Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and Voltage Cloud Services™ which provides cloud scale encryption and key management for businesses, partners and their customers. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.