Voltage SecureData Payments
End-to-End Cardholder Data Protection for Merchants and Processors

Overview:

In today’s environment of highly publicized software attacks and stronger regulatory requirements, mitigating the risk of a cardholder data breach at all points in the payment stream is critical – from authorization and settlement through business processes such as charge-backs, loyalty or repeat payments. Merchants and processors must be able to reliably protect credit card data at rest and in transit within their environment – and above all, reduce PCI scope as much as possible without impacting business workflows or customer facing business processes.

Voltage SecureData Payments™ provides complete point-to-point encryption (P2PE) for retail payment transactions, and with tokenization from Voltage SecureData™ Enterprise enables PCI scope reduction without the massive IT disruptions traditionally associated with encryption.

Voltage SecureData Payments Delivers:

• Reduced PCI audit cost and scope
  End-to-end encryption can be combined easily with tokenization to provide merchants with complete choice in reducing PCI audit scope. Built-in, PCI-ready reports simplify the audit process.
• Reduced risk of data loss or breach
  Cardholder data is protected or tokenized where it is stored, transmitted, or used. When deployed with sound internal controls, Voltage SecureData Payments renders sensitive information useless to unauthorized users, mitigating risk of data breaches at any point in the payment stream.
• Significantly lower implementation and management costs
  Keys are securely generated on demand and not stored; point-of-sale (POS) devices are not subject to key injection; and key rotation is automated and transparent thus eliminating labor-intensive processes and reducing costs.

Key Features and Capabilities:

• Voltage Secure Stateless Tokenization™ (SST)
  Voltage SST replaces PAN data after authorization, which reduces the risk of data theft and removes merchant systems from PCI scope.
• Voltage SecureData Web
  Voltage SecureData Web™ protects payment information at the browser – from the point the customer enters their cardholder information – protecting the data throughout the entire transaction system.

Features:

Voltage SecureData Payments Protects, Simplifies, Reduces

Voltage SecureData Payments protects payment data at all points, from swipe through to the payment processor, end-to-end. It eliminates the traditional complexities associated with payment device key injection, key management, payment application changes, and enables a true end-to-end architecture that can be rapidly deployed even in the most com- plex environments.

By protecting the data itself, Voltage SecureData Payments eliminates security gaps that exist between networks, databases and applications when protect- ed with point security solutions are used.

Enabling Voltage SecureData Payments can reduce the cost of complying with the PCI DSS – a direct result of reducing the number of changes necessary to implement payment data protection and eliminating payment data from databases and applications.

Innovation in Cryptography Provides End-to-end Encryption without Massive Changes

Voltage SecureData Payments is a complete payment transaction protection framework, built on two breakthrough technologies encompass- ing encryption and key management: Voltage Format-Preserving Encryption (FPE) and Voltage Identity-Based Encryption (IBE). These two technologies combine to provide a unique architecture that addresses the complexity of retail environments with high transaction volume.

Format-Preserving Encryption

With Voltage Format-Preserving Encryption (FPE), credit card numbers and other types of structured information are protected without the need to change the data format or structure. In addition, data properties are maintained, such as a checksum, and portions of the data can remain in the clear. This aids in preserving existing processes such as BIN routing or use of the last 4 digits of the card in customer service scenarios.

Identity-Based Encryption

Identity-Based-Encryption (IBE) is a breakthrough in key management that eliminates the complexity of traditional Public Key Infrastructure (PKI) systems and symmetric key systems. In other words, no digital certificates or keys are required to be injected or synchronized. IBE also enables end-to-end encryption from swipe-to-processor and swipe-to-trusted-merchant applications.

With POS solutions that use legacy symmetric encryption, encryption keys must be reset annually for each POS device through a process called key injection. This procedure is expensive and cumbersome, as merchants must take POS devices offline while new keys are injected. With Voltage SecureData Payments, because encryption keys are securely generated on demand and not stored, POS devices are not subject to key injection and key rotation. This function happens system- atically, eliminating labor-intensive key management processes and costs.

Voltage SecureData Payments Compatibility

• Robust Host Side Capabilities and Broad Platform Support: Voltage SecureData Payments Host SDK can be deployed on a wide variety of platforms including HP NonStop, Windows, Linux, UNIX, z/OS and Stratus. Voltage SecureData is the only data protection solution available that natively runs on Stratus VOS, enabling maximum protection and efficiency.
• Multiple Integration Options: Processors and merchants can choose to integrate using SDKs, web services, and/or command line tools for quick and simple deployment. End-to-end encryption can easily be combined with Voltage Secure Stateless Tokenization (SST) to provide merchants with a complete solution for reducing PCI audit scope.
• Integrated POS Systems: Voltage SecureData Payments POS SDK integrates easily into a variety of POS devices and platforms. Voltage SecureData Payments can also support devices with Tamper Resistant Security Modules (TRSMs).
• Light-weight Mobile Integration: For mobile terminals or sleeves that accept payment data, Voltage offers a light-weight POS SDK that accommodates the low power and small memory requirements to support mobile form factors.

How Secure is Secure?

To ensure compliance with Visa and PCI DSS best practices and requirements, Cryptographic Assurance Services, LLC (CAS), a leader in cryptographic compliance consulting, has conducted an independent security review and verified that Format-Preserving Encryption conforms with the complete list of Visa’s global industry best practices for data encryption, and the PCI DSS encryption requirements.

Documentation:

Download the Voltage SecureData Payments Data Sheet (PDF).