Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.
That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.
By replacing sensitive credit card information with randomly-generated tokens that do not require storage in a token vault, Protegrity removes primary account number data from the payment environment, thereby facilitating PCI compliance and minimizing risk.
Protegrity explained that most traditional tokenization solutions were not designed to support thousands of distinct clients, a critical requirement for distributed payment networks. As a result, the company says, organizations relied on expensive, complex replication and central database technologies to create a new vault for every merchant requesting tokenization, resulting increased costs and added risk of a token vault breach.
Protegrity's new offering for the payments industry brings the following benefits:
• Multi-Merchant Tokenization: Enables processors and gateways to support limitless numbers of merchants. It is now possible to generate unique tokenized results of the same input data (e.g. credit card number) for each merchant -- irrespective of whether the merchant has multiple locations.
• Token Transparency: Provides an unlimited number of token formats to account for differences in how merchants handle tokens. This token transparency ensures that merchants do not have to change their systems when they receive tokens.
• Token Distinguishability: To support PCI DSS Tokenization Guidelines issued August 2011, Protegrity Vaultless Tokenization ensures that an actual credit card number can be distinguished from the tokenized credit card value in order to "validate the scope of the CDE [cardholder data environment] as part of their annual PCI DSS review."
• End-to-End Data Protection: Has the ability to provide end-to-end protection from the store to the payment processor or gateway, for data at rest or in transit. This allows the processor or gateway to deliver secure credit card processing to their merchants that is cost-effective and scalable.
"Today's tokenization has failed the payments industry, requiring companies to create homegrown solutions or turn to limited vendor offerings that stifle their ability to effectively secure massive amounts of data across their full client base," said Suni Munshani, CEO of Protegrity. "With this announcement, Protegrity enables processors and gateways to remove their customers' financial, operational and security burden of dealing with toxic PAN data, while scaling across thousands of merchants."
Protegrity Vaultless Tokenization for the Payments Industry is available immediately.