Neutralize Threat of Payment Card Industry (PCI) Data Breaches with CertainSafe
Data breaches can have devastating effects on a company’s finances, brand reputation and even its very survival.
There are global sector-specific data protection and security requirements that regulate how an organization manages, protects, and distributes sensitive information. For example, when a merchant accepts payment cards as reimbursement for goods or services, the entity must follow certain mandates which are required by the Payment Card Industry Data Security Standard (PCI DSS). During the transaction processes, PCI DSS mandates that specific steps are taken to ensure stored and processed sensitive data is secured and protected. CertainSafe® is leading the industry by ensuring PCI Level 1 DSS compliance around data is achieved as organizations move to the Cloud.
PCI DSS is a set of technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing security standards, while the payment card brands enforce compliance. The standards apply to all organizations that store, process or transmit cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions.
All merchants that accept payment cards are required to obey PCI DSS regulations. To view the specific standards, visit https://www.pcisecuritystandards.org/.
Steps 3 & 4 of the PCI DSS Requirements specify that cardholder data, including Primary Account Number (PAN), cardholder name, and expiration date, needs to be protected when stored (data “at rest”) or during transmission across public networks (data “in flight”). When cardholder data is managed in the cloud, companies need to ensure they are taking the proper steps to sustain compliance, which is an extremely complex task.
The latest version of PCI DSS magnifies the complexity of PCI cloud compliance. The new requirements do not provide detailed guidance on virtualization concepts such as multi-tenancy and shared responsibility.
Traditional measures using tokenization are insufficient for the threat companies face today.
CertainSafe’s approach, called MicroTokenization, provides tokenization of all data around the card number. It also increases the amount of data that can be “tokenized” from what was 16 bits to the new CertainSafe standard of more than 2 billion bits (2GBs-plus). This creates the ability to facilitate end-to-end encryption, securing data at rest as well as in motion. This feat has never before been accomplished. Additionally, all MicroTokenization is conducted within a PCI Level 1 DSS Certified environment as well as a HIPAA-compliant protected environment.
CertainSafe’s 2nd Generation Tokenization can be integrated into a payment processor’s infrastructure, its Point of Sale (POS) systems, and a company’s infrastructure through the use of a simple API process.
CertainSafe has taken tokenization to a whole new level of security standardization with the ability to “MicroTokenize” up to 2GBs of data right down to the byte level. This allows for protection of all forms of data “around a card” and/or other forms of payment transaction utilizing this breakthrough method.
Once data is MicroTokenized, all that would reside within a system would be non-sensitive data elements along with MicroTokens, or “placeholders,” that do not contain any piece of the original data. When a data breach through perimeter defenses occurs, the compromised system would not contain any piece of the sensitive data that can be exploited because it would no longer reside there.
-David Schoenberger, Chief Innovation Officer of CertainSafe
Every day you wait increases the possibility of exposing sensitive data to hackers. Don’t wait, contact us today and we will work together with you to safeguard your critical data.