Multichannel security extensions for your payment solutions
Solve DataShield is a multichannel security extension to our secure payment solutions. Solve DataShield allows merchants to reduce the scope of PCI DSS within their organisation by removing card data using point to point encryption and tokenisation of card data.
As well as reducing the scope of PCI DSS within an organisation, Solve DataShield provides a two-factor authentication method for validating PIN Entry Devices (PED) to protect against security breaches using tampered PED hardware.
Point to Point Encryption
Solve DataShield encrypts the card data within the secure environment of a PIN Entry Device, and it is only decrypted within a PCI DSS compliant data centre prior to submission to the acquiring bank. This secure point to point encryption allows a face-to-face estate to be effectively taken out of scope with respect to PCI DSS, greatly reducing the cost of PCI DSS compliance. Find out more by downloading the P2PE Whitepaper and watching this short video.
Solve DataShield provides you with the ability to remove card data from third party systems such as Loss Prevention, Fraud Analysis and Customer Analytics. Where card data has previously been used it is replaced with a token that is not directly related to the original card data. The approach is also valid for any system that maintains client account data, including credit card numbers or that generates recurring transactions.
A system using tokenised card details is deemed out of scope for PCI DSS, thus reducing the cost of compliance and the effort required to modify third party systems and business processes to remove card data or operate without it.
Secure PED Authentication
There has been a rise in the number of security attacks on merchants that introduce rogue devices into a merchant's estate in order to steal card details. Solve DataShield plugs this security loophole by mandating a two-factor authentication process for PIN Entry Devices. Based upon the device itself and an out-of-band authentication message delivered to a trusted individual at the store or other physical location. The process does not require an engineer visit yet provides assurance that rogue devices have not been introduced into your environment.
Contact our payments security experts to discuss your multichannel security extension requirements.