ENTERPRISE VAULTLESS TOKENIZATION ™
Worlds first and only Vault-less Tokenization as a Service U.S. Pat. Nos. 1,389,688 B2
Whether or not to implement a security measure always boils down to money. “How much risk is acceptable vs. the cost of prevention?” It’s a simple formula really; if the cost to protect against a vulnerability is greater than the estimated loss due to it being exploited, then its beneficial just accept the risk, otherwise try to mitigate, avoid, or transfer it. When you survey the multitude of products and solutions on the market that address data-level security or if you have had first hand experience owning them after implementation, you know there are always hidden and unanticipated costs which rarely get refactored back into the equation. Some of these costs include licensing of supporting hardware, licensing of virtualized infrastructure, getting the solution properly monitored and reported on, tuned for your SLAs, simply training and investing in human capital who understand and can operate the solution, and the list goes on. Moreover, you might not be surprised to learn that in many cases though the time and money is spent on implementing security solutions, the true risks are never fully addressed.
We built our own payment service where we could manage different PSP (Payment Service Providers) on the backend. This allowed us to be completely agnostic to what PSP would be used to acquire a credit card transaction and avoid any relationships with similar products such as stripe.com. Still we wanted to provide a wallet type of experience for our customers. Each PSP provided credit card tokenization and a wallet functionality but we didn’t want to be locked into any of those relationships. This is where NXT-Security’s Vaultless Tokenization really shined for us. We were able to use it to protect our customer’s credit card transactions and may PCI compliance a breeze. Using Tokenization from NXT-Security completely removed the persistence attack surface from our infrustructure since no real credit card data is stored; only tokens. We still have the scope of Processing and Transmission but we found those areas very easy to monitor, audit, mitigate risk, and pass PCI certifications. API integration was simple and the speed and capacity is outstanding. Performance and load tests before and after implementing the Tokenization service showed virtually no increase latency. I would completely recommend using NXT-Security.
In my opinion this is the only real cost effective solution out there for any environment that has legacy equipment and software. By implementing a vaultless tokenization solution, it is not necessary to modify the applications because a company will not have to have a database of encrypted credit cards. A company simply has to deploy the vaultless tokens and compliance with the PCI compliance requirements follows for considerably less cost to the business.
Take a Quick Tour
Keywords: mobile payment, payments tokens, tokenization process, cardholder data, cloud based, payment processing, industry standards, tokenized data, credit card numbers, connected devices