DataDivider’s Virtual Keypad is part of its suite of tools that facilitate the capture of numeric privacy data without exposing that privacy data to the local machine where users operate. This technique is called Data Capture Cloaking.
The Virtual Keypad runs within DataDivider’s Secure Cloud which is a Level 1 Service Provider certified PCI DSS compliant environment.
The Virtual Keypad is visualized to the agent through DataDivider’s Secure Browser running on their local machine. The Virtual Keypad provides a mechanism by which numeric privacy data can be entered by mouse click such that the mouse click coordinate is valueless to a potential hacker that has breached the local agent machine. In order to realise this goal three factors have to come into play. First, the Virtual Keypad has to run within DataDivider’s Secure Cloud. This is where CHD is processed. Secondly, the Virtual Keypad has to be visualized on the agent desktop so the agent can use their mouse clicks to select the PAN digits. Thirdly, access to this visualization must be through DataDivider’s Secure Browser such that frames images are protected and inaccessible to any would be hacker.
If the Virtual Keypad used a Numpad it could be potentially possible for a hacker to reverse engineer mouse click coordinates back to the privacy data. This is because each digit coordinate would be relative to the other digits within the Numpad. Some numeric privacy data, such as the Primary Account Number (PAN) of a credit card, adhere to strict validation rules. A PAN has to pass the MOD10 luhn test and the first 6 digits have to be a valid Bank Identification Number (BIN). Combining the validation rules with the relative positions of digits, it would be mathematically feasible to reverse engineer some privacy data.
Therefore, the Virtual Keypad adopts alternative approaches to the Numpad such that no reverse engineering of any privacy data is feasible. The preferred approach is where we use a circular Keypad and randomize where zero is positioned. By randomly repositioning the keypad after the entering of each four digits we ensure that there is zero value of the mouse click coordinates to a would-be hacker. Some clients prefer using a Numpad where the digits are scrambled. Again, this avoids any possibility of potential reverse engineering of privacy data from the mouse click coordinates.
Once privacy data has been captured with the Secure Cloud then this can be tokenized or passed onto third parties, all while not exposing privacy data to the company infrastructure.