Leading PCI QSA finds that a properly deployed PIE solution is one of the most effective data security controls available, enabling removal of PCI scope for merchants while also reducing 100% of compliance validation costs
Voltage Security® yesterday announced at the Cartes expo & conference in Las Vegas that Coalfire, a leading independent Payment Card Industry (PCI) Qualified Security Assessor (QSA), has released a security assessment validating that Voltage Security’s Page-Integrated Encryption (PIE) provides end-to-end data encryption from the consumer’s browser to the merchant’s processor. Coalfire found that a merchant, working with its acquiring bank, could achieve 100 percent removal of PCI DSS scope in e-commerce and cloud transactions. When a merchant removes PCI DSS scope for their e-commerce environment, they can also remove 100 percent of the PCI compliance validation costs.
By encrypting sensitive payment card data at the moment of capture, Voltage SecureData Web — the product that leverages the PIE technology — prevents sensitive data from being available to the e-commerce application or merchant, thus facilitating its complete removal from PCI-DSS scope. Voltage Security is the first data security supplier to offer scope-eliminating capabilities for card-not-present transactions using end-to-end encryption. Voltage is also the first vendor to have a comprehensive solution for merchants to secure payment data from point-of-sale and e-commerce transactions.
Coalfire President Kennet Westby said, “Voltage is delivering powerful scope- and cost-reducing benefits with PIE that give merchants new flexibility in accepting payments securely. Voltage’s advancements in this area, combined with growing market awareness, will quickly establish them as the market leader in secure e-commerce payments.”
For e-commerce, risk to cardholder data is significant. Card-not-present is one of the highest areas of risk according to Visa, which states, “Card-not-present merchants must take extra precaution against fraud exposure and associated losses. Anonymous scam artists bet on the fact that many Visa fraud prevention features do not apply in this environment.” 1 In Europe, where EMV and Chip & PIN are used, card-not-present environments are where more than 75 percent of card fraud remains. And with the current and projected future growth of mobile payment acceptance, security of cardholder data capture in mobile browsers is a key requirement of merchants today.
Commercially launched on April 27, 2011 from the Visa Summit in Washington D.C., Voltage SecureData Web with PIE is the first solution in the industry to encrypt sensitive data entered by consumers from within the browser, in the cloud or on web pages hosting e-commerce applications. Unlike other vendor solutions that use a third-party service to redirect the consumer to another page to enter credit card information, which disrupts the consumer experience, Voltage SecureData Web helps merchants retain complete control over the customer interaction at its most important point: checkout. According to Forrester, in 2010, 88% of web buyers had abandoned shopping carts, with complex checkout processes cited as a top 10 e-commerce checkout problem.
“Providing the highest level of data security is at the core of the Voltage SecureData value proposition, but the byproducts of drastically reducing PCI scope, as well as the associated complexities and costs, are also highly desirable to business owners,” said Mark Bower, data protection expert and VP of Product Management at Voltage Security. “We estimate developers can also dramatically reduce time to market and compliance costs, and increase agility by leveraging PIE, which is built upon Format-Preserving Encryption (FPE) and Identity-Based Encryption (IBE) to reduce or eliminate PA-DSS scope for their applications.”