Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Protegrity Launches Vaultless Tokenization for Payments Industry

Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.

That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.

Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.

That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.

By replacing sensitive credit card information with randomly-generated tokens that do not require storage in a token vault, Protegrity removes primary account number data from the payment environment, thereby facilitating PCI compliance and minimizing risk.

Protegrity explained that most traditional tokenization solutions were not designed to support thousands of distinct clients, a critical requirement for distributed payment networks. As a result, the company says, organizations relied on expensive, complex replication and central database technologies to create a new vault for every merchant requesting tokenization, resulting increased costs and added risk of a token vault breach.

Protegrity’s new offering for the payments industry brings the following benefits:

Multi-Merchant Tokenization: Enables processors and gateways to support limitless numbers of merchants. It is now possible to generate unique tokenized results of the same input data (e.g. credit card number) for each merchant — irrespective of whether the merchant has multiple locations.

Token Transparency: Provides an unlimited number of token formats to account for differences in how merchants handle tokens. This token transparency ensures that merchants do not have to change their systems when they receive tokens.

Advertisement. Scroll to continue reading.

Token Distinguishability: To support PCI DSS Tokenization Guidelines issued August 2011, Protegrity Vaultless Tokenization ensures that an actual credit card number can be distinguished from the tokenized credit card value in order to “validate the scope of the CDE [cardholder data environment] as part of their annual PCI DSS review.”

End-to-End Data Protection: Has the ability to provide end-to-end protection from the store to the payment processor or gateway, for data at rest or in transit. This allows the processor or gateway to deliver secure credit card processing to their merchants that is cost-effective and scalable.

“Today’s tokenization has failed the payments industry, requiring companies to create homegrown solutions or turn to limited vendor offerings that stifle their ability to effectively secure massive amounts of data across their full client base,” said Suni Munshani, CEO of Protegrity. “With this announcement, Protegrity enables processors and gateways to remove their customers’ financial, operational and security burden of dealing with toxic PAN data, while scaling across thousands of merchants.”

Protegrity Vaultless Tokenization for the Payments Industry is available immediately.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...