Voltage Security Page-Integrated Encryption Enables Risk Mitigation and 100 Percent Scope Reduction for E-commerce Transactions
March 6, 2012 – Voltage Security®, the world leader in data-centric encryption and key management, today announced that Coalfire, a leading independent Payment Card Industry (PCI) Qualified Security Assessor (QSA), has released a security assessment validating that Voltage Security’s Page-Integrated Encryption (PIE) provides end-to-end data encryption from the consumer’s browser to the merchant’s processer. Coalfire found that a merchant, working with its acquiring bank, could achieve 100 percent removal of PCI DSS scope in e-commerce and cloud transactions. When a merchant removes PCI DSS scope for their e-commerce environment they can also remove 100 percent of the PCI compliance validation costs.
By encrypting sensitive payment card data at the moment of capture, Voltage SecureData Web — the product that leverages the PIE technology — prevents sensitive data from being available to the e-commerce application or merchant, thus facilitating its complete removal from PCI-DSS scope. Voltage Security is the first data security supplier to offer scope-eliminating capabilities for card-not-present transactions using end-to-end encryption. Voltage is also the first vendor to have a comprehensive solution for merchants to secure payment data from point-of-sale and e-commerce transactions.
Coalfire President Kennet Westby, said, “Voltage is delivering powerful scope and cost reducing benefits with PIE, that give merchants new flexibility in accepting payments securely. Voltage’s advancements in this area, combined with growing market awareness, will quickly establish them as the market leader in secure e-commerce payments.”
For e-commerce, risk to cardholder data is significant. Card-not-present is one of the highest areas of risk according to Visa, which states, “Card-not-present merchants must take extra precaution against fraud exposure and associated losses. Anonymous scam artists bet on the fact that many Visa fraud prevention features do not apply in this environment.” 1 In Europe, where EMV and Chip & PIN are used, card-not-present environments are where more than 75 percent of card fraud remains. And with the current and projected future growth of mobile payment acceptance, security of cardholder data capture in mobile browsers is a key requirement of merchants today.
Commercially launched on April 27, 2011 from the Visa Summit in Washington D.C., Voltage SecureData Web with PIE is the first solution in the industry to encrypt sensitive data entered by consumers from within the browser, in the cloud or on web pages hosting e-commerce applications. Unlike other vendor solutions that use a third-party service to redirect the consumer to another page to enter credit card information, which disrupts the consumer experience, Voltage SecureData Web helps merchants retain complete control over the customer interaction at its most important point—checkout. According to Forrester, in 2010 88% of web buyers had abandoned shopping carts, with complex checkout processes cited as a top 10 e-commerce checkout problem.
“Providing the highest level of data security is at the core of the Voltage SecureData value proposition, but the byproducts of drastically reducing PCI scope — as well as the associated complexities and costs — are also highly desirable to business owners,” said Mark Bower, data protection expert and VP of Product Management at Voltage Security. “We estimate developers can also dramatically reduce time to market and compliance costs, and increase agility by leveraging PIE, which is built upon Format-Preserving Encryption (FPE) and Identity-Based Encryption (IBE) to reduce or eliminate PA-DSS scope for their applications.”
About Voltage Security
Voltage Security®, Inc. is the world leader in providing data-centric encryption and key management solutions for combating new and emerging security threats. With innovative, powerful and easy-to-use encryption and tokenization solutions for protecting sensitive business data, Voltage customers are able to address privacy regulations and best practices from around the world. Voltage customers adopting data-centric encryption include some of the largest companies in the world across a wide variety of industries including payments, financial, insurance, medical, e-commerce and more. Voltage solutions include three groundbreaking encryption approaches: Identity-Based Encryption (IBE), Format-Preserving Encryption (FPE), and Page-Integrated Encryption (PIE). Voltage solutions have changed how enterprises protect their most valuable assets—their customer data. Offerings include Voltage SecureMail, Voltage SecureData, Voltage SecureData Payments, Voltage SecureFile, Voltage SecureData Web and Voltage Cloud Services, which provides cloud scale encryption and key management for their businesses, partners and customers. The company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers.
Coalfire is a leading independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Coalfire has offices in Dallas, Denver, Los Angeles, New York and Seattle and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire offers a new generation of cloud-based IT GRC tools under the Navis brand that are used to efficiently manage IT controls and keep pace with rapidly changing regulations and best practices. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley and FISMA. Coalfire is a Qualified Security Assessor (QSA) and Payment Application QSA (PA-QSA). For more information, please visit www.coalfire.com.
Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Page Integrated Encryption, Voltage SecureMail, Voltage SecureData, Voltage SecureData Payments, Voltage SecureData Web, Voltage SecureFile, and Voltage Cloud Services are trademarks of Voltage Security, Inc. All other trademarks are property of their respective owners.