End-to-End Protection for Web Transactions
Voltage SecureData Web™ protects payment data captured at the browser, from the point the customer enters their cardholder information or personal data, and keeps it protected all the way through the web tier, the application tier, cloud infrastructure, and upstream IT systems and networks to the trusted host destination. This shields data from theft in all intermediate systems in merchants or enterprises, reducing risk to data and enables full end to end data protection. Payment information, Tax ID’s, authentication credentials, or any structured field can be protected from capture, only accessible by trusted systems even in sophisticated distributed web applications.
Voltage SecureData Web works without user interaction and without compromising the customer experience. It is designed to work in any browser whether on a laptop or a mobile phone, without browser add-ons or plug-ins. Voltage SecureData Web uses Voltage’s patented Page-Integrated Encryption™ (PIE) technology to encrypt data directly in the browser the moment it is captured, using random single-use keys that are dynamically and transparently generated. Protected data can only be decrypted at the trusted host system at the destination – for example at a payment processor in the case of payment card data, or in a trusted data processing system in the case of personal data.
For e-commerce payments which are subject to PCI DSS, Voltage SecureData Web can help merchants significantly reduce PCI DSS scope for the systems and applications that previously handled cardholder data. Voltage SecureData Web has been independently assessed to reduce PCI DSS scope by a leading PCI DSS QSA.
For cases involving personal data, Voltage SecureData Web can reduce the exposure of live information and simplify compliance with applicable privacy laws. Voltage SecureDataWeb securely enables adoption of cloud based services which reduce scale and compliance costs. By enabling protection of the data itself from capture all the way to its destination, compensating controls required to secure data where SSL sessions terminate can be eliminated.
Voltage SecureData Web Delivers:
- Reduced risk for e-commerce transactions
Payment data is no longer exposed to hackers on web server infrastructure, networks and other systems between the browser and payment processor. This reduces the risk to data loss as data moves between systems.
- End-to-end security for sensitive personal data capture
Personal and sensitive data remains secure while passing through web and cloud infrastructure, reducing the risk of exposure in third party systems and cloud applications in the data flow.
- Seamless customer experience
Data protection is transparent to end users, and lets the owner of the data control the whole end to end customer experience without resorting to page re-directs, disruption, or confusing workflows.
Key Features and Capabilities:
- Preservation of data format and structure
Voltage SecureData Web permits policy information to be embedded into the encrypted data field while preserving the format and structure of the original data. For example, for credit card payments, this allows merchant access to the first 6 and/or last 4 digits of the credit card information for payment business processes, while protecting the sensitive digits from the browser to the payment processor.
- Ease of deployment
Deploys effortlessly, requiring as little as three lines of HTML code, and easy to deploy virtual infrastructure components for stateless key management and host decryption.