ProPay Meets/Exceeds Visa’s Best Practices for Data Field Encryption
ProPay’s End-to-End Data Security Solution Is Consistent With and Exceeds Visa’s Best Practices
In light of recent security breaches and expressed interest from the marketplace in End-to-End Encryption solutions for
securing card data, Visa recently published its Best Practices for Data Field Encryption along with the following definition
of End-to-End Encryption.
“Data field encryption protects card information from the swipe to the acquirer processor with no need
for the merchant to process or transmit card data in the clear.”
Visa has developed the following Best Practices to assist merchants in evaluating new encryption solutions emerging
in the marketplace. ProPay recognized the need for End-to-End Encryption as early as 2007 and began architecting
a solution. In mid-2008, ProPay implemented and began using its End-to-End data security solution in a production
environment. In February 2009 ProPay launched ProtectPay, its End-to-End data security solution for commercial
use.
| Visa Best Practices for Data Field Encryption | ProPay Solution |
| --- | --- |
| Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption. | |
| Use robust key management solutions consistent with international and/or regional standards. | |
| Use key-lengths and cryptographic algorithms consistent with international and/or regional standards. | |
| Protect devices used to perform cryptographic operations against physical/logical compromises. | |
| Use an alternate account or transaction identifier for business processes that require the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management. | |
ProtectPay’s approach starts with removing the existing sensitive data from a merchant and then providing a means of accepting and
processing payments that doesn’t require a merchant to store, transmit, or process sensitive payment data. From the point-of-sale,
where sensitive payment information is obtained and where a large percentage of credit card data is stolen, ProtectPay safely captures the
data and protects it throughout processing, transmission and storage. With this data removed from a merchant’s system, the
merchant’s PCI scope is significantly reduced and the associated risks of losing the data are removed. While some service providers
are talking about their future E2E data security ideas, ProPay has commercially viable and functioning solutions today.
ProtectPay offers the following features:
- Encrypts sensitive customer data directly from the customer so cardholder data never touches a merchant’s system
- Stores, transmits and processes sensitive customer payment data, always in encrypted form
- Allows the data to be safely used for repeat billing and ongoing business transactions
- Provides a single interface to major gateways, processors, and service providers
- Stores multiple customer payment cards and alternative payment methods
- Allows for ongoing management of customers’ payment data
- Provides data search and reporting capabilities
- Facilitates refunds and credits
ProPay’s E2E strategy comprises a four-pronged approach:
- E2E Security – From the point where sensitive payment information is obtained and throughout transmission, processing and
storage of the data, ProPay removes sensitive payment information from the merchant so they never touch the data. Removing
the data removes the risks.
- E2E Compliance – ProPay alleviates most of the merchant’s PCI validation requirements. Rather than having to deal with the
burdens of evolving security standards and then hope that they are not breached, business owners can offload the information to
ProPay, which specializes in the secure storage and handling of such sensitive data.
- E2E Data Storage – From payment card transaction data to financial, health care information and other sensitive personal
information, ProPay ensures that sensitive data is archived and stored in a secure environment. A unique ID or token is used by
the merchant for further transactions on the data.
- E2E Single Vendor Partner – ProPay has more than a decade of experience providing simple, safe and affordable merchant
payment solutions to its customers, having gained knowledge and expertise in all areas relevant to acquiring, issuing,
processing, and storing sensitive data.
For more information about ProtectPay E2E data security, call ProPay today at (888) 227-9856.
Additional resource information:
Visa Press Release:
http://corporate.visa.com/media-center/press-releases/press941.jsp
Visa Best Practices for Data Field Encryption (PDF):
http://corporate.visa.com/_media/best-practices.pdf