Voltage Security, an encryption vendor, is touting Voltage Secure Stateless Tokenization technology, which the company says provides merchants and payment processors with a new approach to protecting card data.
The product also reduces the scope of complying with Payment Card Industry data security standards, Cupertino, Calif.-based Voltage said in a press release.
“Voltage SST technology is offered as part of the Voltage SecureData enterprise data security platform that unites … encryption, tokenization, data masking and key management to protect sensitive corporate information in a single comprehensive solution,” the Dec. 18 release said.
Tokenization replaces sensitive data like credit card numbers with non-sensitive substitute values. However, users are facing new and mounting compliance costs and complexities as they discover that conventional, first-generation tokenization doesn’t support business evolution and growth, the release said.
“Voltage SST technology solves this problem by eliminating the need for a token database, which has been a central element in tokenization solutions,” the release said. “It also removes the need to store sensitive data.”
The Voltage SST product also reduces the risk of breach, according to the release.
“The SST method is truly a paradigm shift in PAN tokenization,” Kennet Westby, president of Coalfire Inc., an independent IT governance, risk and compliance firm, said in the release. “Memory access is many thousands of times faster than disk access. By removing the database and practically eliminating disk I/O, performance is increased dramatically over conventional tokenization solutions.”
Typically, performance and security move in opposite directions but not with the Voltage product, Westby said.
“Secure stateless tokenization from Voltage is significantly reducing our PCI compliance scope and making our IT operations much easier to manage,” Alex Belgard, information security engineer, Crutchfield Corp., said in the release. “For example, within our network of several hundred servers, we anticipate scope reduction of more than 90%.”