Our Solutions
Data Capture Cloaking
Data Capture Cloaking is the technique by which DataDivider can capture numeric privacy data without exposing that data to the local device. Through this technique it is possible to reduce the scope of privacy data compliance by excluding the local device (and by extension the local network) from the compliance program. DataDivider warrants its controls…
Secure Cloud
The DataDivider Secure Cloud is an audited secure environment meeting all privacy data compliance standards. Access through the Secure Browser to this hosted environment ensures that these compliance standards are maintained to the end point where privacy data is created and maintained…
Secure Browser
DataDivider’s Secure Browser provides a fully protected data entry and presentation environment. The Secure Browser isolates this environment from the local device providing remotely all the security measures necessary to protect privacy data. The architecture of the solution is such……
DTMF Tone Masking
Where businesses are looking to exclude their telephony environment from exposure to privacy numeric data then they can deploy DataDivider’s DTMF Tone Masking/Muting solution. Rather than have customers verbalize sensitive numeric data to contact centre agents or back office staff they…
Virtual Keypad
DataDivider’s Virtual Keypad is part of its suite of tools that facilitate the capture of numeric privacy data without exposing that privacy data to the local machine where users operate. This technique is called Data Capture Cloaking
The Virtual Keypad runs within DataDivider’s Secure Cloud which is a Level 1 Service….
Tokenization
DataDivider fully supports the concepts of de-valuing privacy data. This is the notion of transforming privacy data into valueless substitutes at the point of data capture and only reconstituting privacy data at necessary times where the privacy data is actually required. This ensures that…
Interceptor
Many businesses have struggled to remove privacy data from their applications thereby leaving these applications servers and databases exposed to privacy data. As such they still require all necessary security controls in these environments to meet data privacy compliance regulations. By replacing privacy data with tokens it is possible to remove…
Secure Capture
DataDivider’s Secure Capture delivers a payment link via SMS, Email, Chat or any other Social Media platform. Through this simple communication of a URL, customers are easily re-directed to a secure online payment page where they may enter their card details. For attended channels…
Virtual Keypad
DataDivider’s Virtual Keypad is part of its suite of tools that facilitate the capture of numeric privacy data without exposing that privacy data to the local machine where users operate. This technique is called Data Capture Cloaking.
The Virtual Keypad runs within DataDivider’s Secure Cloud which is a Level 1 Service Provider certified PCI DSS compliant environment.
The Virtual Keypad is visualized to the agent through DataDivider’s Secure Browser running on their local machine. The Virtual Keypad provides a mechanism by which numeric privacy data can be entered by mouse click such that the mouse click coordinate is valueless to a potential hacker that has breached the local agent machine. In order to realize this goal three factors have to come into play. First, the Virtual Keypad has to run within DataDivider’s Secure Cloud. This is where CHD is processed. Secondly, the Virtual Keypad has to be visualized on the agent desktop so the agent can use their mouse clicks to select the PAN digits. Thirdly, access to this visualization must be through DataDivider’s Secure Browser such that frames images are protected and inaccessible to any would be hacker.
If the Virtual Keypad used a Numpad it could be potentially possible for a hacker to reverse engineer mouse click coordinates back to the privacy data. This is because each digit coordinate would be relative to the other digits within the Numpad. Some numeric privacy data, such as the Primary Account Number (PAN) of a credit card, adhere to strict validation rules. A PAN has to pass the MOD10 luhn test and the first 6 digits have to be a valid Bank Identification Number (BIN). Combining the validation rules with the relative positions of digits, it would be mathematically feasible to reverse engineer some privacy data.
Therefore, the Virtual Keypad adopts alternative approaches to the Numpad such that no reverse engineering of any privacy data is feasible. The preferred approach is where we use a circular Keypad and randomize where zero is positioned. By randomly repositioning the keypad after the entering of each four digits we ensure that there is zero value of the mouse click coordinates to a would-be hacker. Some clients prefer using a Numpad where the digits are scrambled. Again, this avoids any possibility of potential reverse engineering of privacy data from the mouse click coordinates.
Once privacy data has been captured with the Secure Cloud then this can be tokenized or passed onto third parties, all while not exposing privacy data to the company infrastructure.
Data Capture Cloaking
Data Capture Cloaking is the technique by which DataDivider can capture numeric privacy data without exposing that data to the local device. Through this technique it is possible to reduce the scope of privacy data compliance by excluding the local device (and by extension the local network) from the compliance program. DataDivider warrants its controls and security measures protect the local device without the necessity of businesses independently securing the device.
DataDivider’s Virtual Keypad running within DataDivider’s Secure Browser provides the device user the ability to enter numeric digits by mouse or touch without exposing these digits to the local device. The Virtual Keypad can present either a circular keypad or a random numpad. The circular keypad randomizes the initial positioning of zero and after entering every set number of digits it flips to a new random position. Likewise the random numpad scrambles the digits. As the Secure Browser prevents any images of the Virtual Keypad it is not possible to re-engineer the touch points or mouse click coordinates to the entered digits.
Within the DataDivider cloud these touch points or mouse clicks are interpreted to the selected digits. Once the sensitive data has been assembled it can be de-valued before processing or passing back to the business such that exposure to the business of this sensitive data is minimised.
Non numeric privacy data is secured through DataDivider’s Secure Browser however the Virtual Keypad running within the Secure Browser has the added security of addressing hardware based keyboard loggers.
Secure Browser
DataDivider’s Secure Browser provides a fully protected data entry and presentation environment. The Secure Browser isolates this environment from the local device providing remotely all the security measures necessary to protect privacy data. The architecture of the solution is such that should the local device be compromised this would not result in any of the privacy data within the Secure Browser being placed at risk.
The Secure Browser environment is not vulnerable to Man in the Middle (MITM), Man in the Browser (MITB) and DNS attacks. By remotely managing security within the Secure Browser it is possible to maintain the latest malware detection across this distributed environment. This central management removes the burden from businesses of having to self-maintain the security of their devices for the processing of privacy data.
Fundamental to the protection of the Secure Browser is the security of privacy data accessed within the environment. No frame images are available rendering printing including print screen functions non-functional. Likewise all cut and paste and other clipboard functions are disabled. The environment protects against all software keyboard loggers. So only controlled and audited access to privacy data is available.
Tokenization
DataDivider fully supports the concepts of de-valuing privacy data. This is the notion of transforming privacy data into valueless substitutes at the point of data capture and only reconstituting privacy data at necessary times where the privacy data is actually required. This ensures that when privacy data is at rest or in transmission is it rendered useless to any would be hacker. Although this can be achieved through sophisticated encryption the technique of tokenization offers a host of additional benefits.
Tokenization allows for privacy data to only be at rest in a Token Vault. Token vaults are generally housed in secure cloud environments which offer dedicated security controls at the very highest level which meets all privacy data compliance standards. As access within a DataDivider environment to tokenization services is always through the DataDivider Secure Cloud and Secure Browser this ensures protection end point to end point.
DataDivider is token provider independent and works with all major Payment Service Providers (PSPs) as well as dedicated Token Providers. If a business has no preference DataDivider by default uses Liaison’s tokenization services. These tokenization services are available for all types of privacy data including but not limited to name, address, zip/post code, bank account number, routing/sort code, social security number/national insurance number and credit/debit card number.
Secure Cloud
The DataDivider Secure Cloud is an audited secure environment meeting all privacy data compliance standards. Access through the Secure Browser to this hosted environment ensures that these compliance standards are maintained to the end point where privacy data is created and maintained within the business. Furthermore, access from the Secure Browser is provided to remote sessions hosted within the Secure Cloud. The security within these desktop sessions is tightly locked down to only allow bonefide communications of privacy data with authorized third parties of the business. All sessions are monitored providing user audit of access to this privacy data.
Secure Capture
DataDivider’s Secure Capture delivers a payment link via SMS, Email, Chat or any other Social Media platform. Through this simple communication of a URL, customers are easily re-directed to a secure online payment page where they may enter their card details. For attended channels, agents are provided a visualization of this payment page and can monitor the customer’s progress, keystroke by keystroke, without any sensitive Personally Identifiable Information (PII) or CHD being exposed to the agent. The picture below shows the step by process of sending the payment link, the customer receiving the SMS, opening the link and the secure payment page.
Figure 1: DataDivider’s Secure Capture provides a URL Payment Link
As the customer enters their payment details, as shown below, the agent can monitor their progress.
Once CHD has been secured, DataDivider’s Secure Capture processes this data without bringing the merchant into PCI DSS scope. Secure Capture supports a multitude of payment application integration techniques, all maintaining the aforementioned descoping, including but not limited to:
Application hosting
PSP Virtual Terminal
Web thin client
Server and Client
Tokenization
PSP
Codeless integration
Benefits of DataDivider’s Secure Capture
Facilitates 3-D Secure
Liability shift from merchant to issuer
Reduction of charge backs
Reduced transaction rates
Full PCI DSS de-scope
Codeless Integration into Payment Applications
Aligns to merchant’s PSP and tokenization strategies
Fraction of cost of DTMF tone masking
Provides customers with a familiar and proven secure method of sharing card details
Allows for automated secure population of card details from customer device wallets
Provides agents with secure visualization of card data capture process to assist customers
DTMF Tone Masking
Where businesses are looking to exclude their telephony environment from exposure to privacy numeric data then they can deploy DataDivider’s DTMF Tone Masking/Muting solution. Rather than have customers verbalize sensitive numeric data to contact centre agents or back office staff they can be invited to enter these digits into their telephone keypads. These generated DTMF tones are masked/muted from these staff and the business telephony infrastructure. This removes both the physical contact center/back office and the telephone infrastructure from privacy data compliance scope.
Once the privacy data has been captured within the DataDivider cloud it can be de-valued before processing or passing back to the business such that exposure to the business of this sensitive data is minimised.
Interceptor
Many businesses have struggled to remove privacy data from their applications thereby leaving these applications servers and databases exposed to privacy data. As such they still require all necessary security controls in these environments to meet data privacy compliance regulations.
By replacing privacy data with tokens it is possible to remove data stores from the scope of privacy data security controls thereby significantly reducing the cost of compliance. However, to also take the applications themselves out of scope for privacy data security management then the privacy data has to be tokenized before the application layer.
DataDivider’s Interceptor can isolate a business’s application layers by providing its tokenization services either within an iFrame for ecommerce or within its Secure Browser for the contact centre/back office. As all brokering of privacy data with tokens can be managed within DataDivider’s Secure Cloud this precludes privacy data being exposed to businesses themselves thereby significantly reducing their privacy data security costs.
In order to minimize change costs within applications DataDivider’s Interceptor has the capability of injecting format preserved tokens directly into existing screens and thereby into the application’s data store. For all required communications of privacy data to third parties Interceptor can also broker this.
Rather than communicating directly with the third party DataDivider’s Interceptor redirects the communication to DataDivider’s Secure Cloud which acts as a proxy for the third party. The re-directed API payload containing the privacy data tokens is then detokenized and redirected to the third party. The resultant message from the third party is then redirected back to the business.
Interceptor together with the Secure Browser ensures that no privacy data is exposed to the business thereby reducing the cost and risk of privacy data compliance.
Interceptor’s ability to interact with the business’s application User Interface (UI) vastly reduces the cost of integration. Rather than having to open the patient for internal surgery no changes are required to application code. This not only eliminates the need for generally scarce resources it stops the necessity of application release testing and being included within the application release cycle. Roll out is deduced from months to days.
Interceptor on Steroids
In early 2022 DataDivider released Interceptor IFrame Injection for web-based payment applications.
Major benefits include:
Works locally on the merchant desktop (elimination of the need for a remote desktop yet still keep the local desktop out of PCI DSS scope)
No credential management required as “piggy backs” off the payment application credential management
Performance enhancements through:
Removal of remote desktop
Removal of credential management
Speed of proxy service