Tokenize What Matters®

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. …​ When tokens replace live data in systems, the result is minimized exposure of sensitive data to those applications, stores, people and processes, reducing risk of compromise or accidental exposure and unauthorized access to sensitive data.
— Wikipedia

Tokenization is not only for credit card account numbers. In addition to protecting credit cards, the AuricVault® tokenization service secures and protects any sensitive textual information such as:

  • tax IDs (such as social security numbers)

  • driver licenses

  • names

  • addresses

The AuricVault® service also has the distinct ability to share sensitive data both within and without your organization:

  • collect data on public websites and view on internally-secure workstations.

  • exchange data with business partners and customers.

The following is just a sampling of uses for the AuricVault® service.

Contact Auric Systems International today to see how we can help you improve your data security and compliance.

PCI Data Proxy/OTA™ Service

Online Travel Agencies (OTAs) such as Booking.com, Expedia, etc. provide a web-based application programming interface (API) through which Channel Managers, hotels and other hospitality services such as rental car companies retrieve booking information.

The retrieved booking information contains credit card account numbers.

Goal

Comply with the Payment Card Industry Data Security Standard (PCI-DSS) requirements by removing the credit card account number from the Channel Manager’s data flow.

Solution

Note
The PCI Data Proxy/OTA™ service is in Beta. Production release date is scheduled for first quarter of 2018. Contact sales@AuricSystems.com to request access today.

These Channel Managers receive booking orders from multiple online travel agencies (OTAs) such as Booking.com, Expedia, Travel Advisor, etc. The returned order information contains credit card account numbers. The Channel Manager services need to remove the credit card account numbers from their data flow to meet PCI requirements.

ASI’s PCI Data Proxy/OTA™ service addresses the Channel Manager’s PCI security requirements. The Channel Manager’s communications with the Online Travel Agency flow through the PCI Data Proxy/OTA™ service which replaces the credit card account number with an AuricVault® token, thus removing the credit card account number from the Channel Manager’s environment. Our service then securely stores the data.

Before switching to the PCI Data Proxy/OTA™ service, the Hotel Channel Manager sent requests for new bookings directly to the Online Travel Agency. The responses had plaintext credit card account numbers.

The Auric PCI Data Proxy/OTA™ service tokenizes the Online Travel Agency’s responses.

Data Flow

Figure: The PCI Data Proxy/OTA™ tokenized data flow.
  1. The Channel Manager (or Hotel) sends an Online Travel Agency request to the Auric PCI Data Proxy/OTA™ service looking for customer reservations.

  2. The proxy service forwards that request to the Online Travel Agency.

  3. The Online Travel Agency responds with booking information.

  4. The PCI Data Proxy/OTA™ service scans the response and sends all the plaintext credit card account numbers to the AuricVault® service.

  5. The AuricVault® service securely stores the credit card account number and returns an AuricVault® token to the PCI Data Proxy/OTA™ service.

  6. The PCI Data Proxy/OTA™ service replaces the credit card account number with the token, then returns the tokenized response to the Channel Manager.

  7. The tokenized data is retrieved by an individual hotel, B&B, lodging facility, or car rental agency.

  8. The hotel sends the token to the AuricVault® service and,

  9. receives back the original (de-tokenized) credit card account number.

Security

  • Removing the credit card account numbers from the OTA response reduces the Channel Manager’s PCI footprint.

  • Hotels, management services, and other hospitality vendors can use other Auric services to:

    • retrieve or process the credit card number securely within their facility.

    • pass the credit card number to client lodging facilities via an embedded iFrame.

    • convert the AuricVault® token to a specific payment processor’s token via Auric’s Token Swap™ service.

    • process payments with Auric’s Payments Passthrough service.

B&B Booking Website

A booking service’s website collects reservations for over a thousand regional bed and breakfast (B&B) proprietors. Guests make reservations at one or more of the B&Bs and enter their credit card information to reserve the room. The B&B proprietors log into the service’s website to review their bookings and retrieve the credit card billing information.

Goal

Remove the credit card number from the booking service’s data flow.

Solution

The booking service integrated two custom iFrames into their web service:

  • an iFrame on the front-end ordering page to tokenize the credit card account number.

  • an iFrame on the back-end order retrieval page to allow B&B proprietors to retrieve the credit card account number.

The booking service hosts both iFrames within the AuricVault® secure PCI hosting environment.

Data Flow

Figure: B&B booking data flow.
  1. B&B service requests an AuricVault® browser-side encryption session.

  2. The AuricVault® service generates a one-time use session ID.

  3. The B&B service includes the session ID in the checkout page, and passes it to the secure iFrame hosted on Auric’s PCI-compliant servers.

  4. After the user enters their billing information, the secure iFrame sends the session ID and the credit card account number to the AuricVault® service.

  5. The AuricVault® service tokenizes the credit card account number and returns a token to the secure iFrame. The secure iFrame provides this token to the parent checkout page.

  6. The Checkout page submits the user’s general billing information and AuricVault® token back to the B&B Booking service.

  7. When a specific B&B logs into the B&B booking service to retrieve the new booking order, the B&B Booking Service requests another session ID.

  8. The AuricVault® service returns the new session ID.

  9. The booking service provides the session ID and the AuricVault® token to the user’s browser and passes the information to a secure iFrame hosted on Auric’s PCI compliant servers.

  10. The Secure iFrame sends the session ID and AuricVault® token to the AuricVault® service, and

  11. receives back the decrypted original credit card account number.

Security

The AuricVault® service completely removes the credit card number from the booking service’s environment. The tokenization and de-tokenization occur within the user’s web browser.

Concierge Service

Many hotels provide concierge services which you can ask to book restaurant reservations, purchase theatre tickets, etc. The concierge typically needs access to your credit card account to perform these tasks.

Goal

  • Securely store and retrieve a guest’s credit card information.

  • Do not store or process PCI-sensitive data on hotel servers.

Solution

Companies providing hotel operations systems and services integrate with the AuricVault® service as follows:

  • The hotel’s operations service collects the credit card account number at check-in.

  • The concierge retrieves data from the operations service using an embedded iFrame hosted on the AuricVault® Level 1 PCI Validated Service.

  • The credit card account number is stored in the AuricVault® service, not on the hotel’s servers.

Data Flow

Figure: Concierge service data flow.

Concierge service has previously created AuricVault® tokens.

  1. The Concierge Web Service requests a session ID from the AuricVault® service.

  2. The AuricVault® service generates a one-time use session ID.

  3. The Concierge Web Service provides the session ID and the AuricVault® token to the user’s browser and passes the information to a secure iFrame hosted on Auric’s PCI compliant servers.

  4. The Secure iFrame sends the session ID and AuricVault® token to the AuricVault® service, and

  5. receives back the decrypted original credit card account number.

  6. The concierge uses the retrieved credit card data to purchase theatre tickets, book dinner reservations, etc.

Security

  • The front-end service has tokenize-only credentials. No data can be retrieved.

  • The concierge service credentials can retrieve and also add new credit card account numbers (people sometimes want to use a different credit card).

  • The back-end operations system logs which employees access which credit cards.

  • The AuricVault® service tracks which credentials access which tokens.
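
The concierge flow and the controls listed above (one-time session IDs, tokenize-only versus retrieve-capable credentials, and per-credential access tracking), modelled as an added example that is not Auric's code. `ScopedVault`, the credential names, and the stored test number are assumptions constructed for illustration.

```python
import secrets


class ScopedVault:
    """Stand-in vault (hypothetical, not the AuricVault API) with per-credential
    permissions, single-use session IDs and an access log."""

    def __init__(self, permissions):
        self._permissions = permissions  # credential -> set of allowed actions
        self._sessions = {}              # session ID -> credential that requested it
        self._tokens = {}                # token -> stored value
        self.access_log = []             # (credential, action, token, allowed)

    def new_session(self, credential):
        if credential not in self._permissions:
            raise PermissionError("unknown credential")
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = credential
        return session_id

    def _consume(self, session_id, action, token=None):
        # pop() makes the session single-use: a replayed ID no longer resolves.
        credential = self._sessions.pop(session_id, None)
        allowed = credential is not None and action in self._permissions[credential]
        self.access_log.append((credential, action, token, allowed))
        if not allowed:
            raise PermissionError(f"{action} denied")

    def tokenize(self, session_id, value):
        self._consume(session_id, "tokenize")
        token = "tok_" + secrets.token_hex(10)
        self._tokens[token] = value
        return token

    def detokenize(self, session_id, token):
        self._consume(session_id, "detokenize", token)
        return self._tokens[token]


def demo():
    vault = ScopedVault({
        "front-end": {"tokenize"},                # check-in page: write only
        "concierge": {"tokenize", "detokenize"},  # may add and retrieve cards
    })
    # Constructed test card number, stored by the tokenize-only credential.
    token = vault.tokenize(vault.new_session("front-end"), "4111111111111111")
    results = {}
    try:
        vault.detokenize(vault.new_session("front-end"), token)
        results["front_end_read"] = True
    except PermissionError:
        results["front_end_read"] = False
    session = vault.new_session("concierge")
    results["concierge_value"] = vault.detokenize(session, token)
    try:
        vault.detokenize(session, token)  # same session ID presented a second time
        results["replay"] = True
    except PermissionError:
        results["replay"] = False
    results["log"] = vault.access_log
    return results


if __name__ == "__main__":
    print(demo())
```

Denied attempts are logged as well as successful ones, which is what lets a reviewer spot a tokenize-only credential probing for reads or a session ID being replayed.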

Inbound Edge Tokenization and Batch Delivery

A telemarketing firm for multiple non-profits uses a third-party service to collect donations for many of their clients. This third-party service automatically sends credit card information to a SOAP/XML service built and operated by the telemarketing firm. The telemarketing firm generates batch donation files containing the credit card information for all their clients.

Goal

Take the telemarketing firm’s data flow out of PCI scope by completely removing the credit card account number from their environment.

Solution

Auric provides two custom solutions:

  • inbound SOAP Proxy

  • outbound batch de-tokenization

Inbound SOAP Proxy

Auric provides a custom PCI SOAP Proxy that:

  • intercepts the incoming SOAP request from the third-party service.

  • replaces the credit card account number in each SOAP request with an AuricVault® token.

  • forwards the tokenized request to the telemarketing firm.

Inbound Data Flow
Figure: Inbound SOAP Proxy data flow.
  1. The Order Collection Service submits SOAP order transactions to the Auric SOAP Proxy Service.

  2. The proxy service extracts the credit card account number and sends it to the AuricVault® service.

  3. The AuricVault® service returns a token.

  4. The proxy service replaces the credit card account number with the AuricVault® token and then forwards the SOAP order to the Telemarketer’s web service.

Outbound Batch De-tokenization

The telemarketing firm uploads encrypted batch files (OpenPGP public/private key encryption) containing donor information and the AuricVault® token to Auric-managed, PCI-compliant SFTP servers. The batch files have different layouts for each client and are delivered in .csv, fixed-field, tab, and .xls/.xlsx formats.

Auric services:

  • transfer each batch to a secure processing server.

  • decrypt the batch file.

  • scan each batch file and convert AuricVault® tokens into credit card numbers.

  • use OpenPGP to encrypt the resulting file with the client’s public encryption key.

  • upload the encrypted file to the SFTP service for client pickup.

Outbound Data Flow
Figure: Outbound batch data flow.
  1. The telemarketer uploads GPG encrypted files with tokenized data to Auric’s PCI secure SFTP server.

  2. The encrypted files are securely transferred to the Auric Batch De-tokenizer server.

  3. A batch process decrypts each file. The batch de-tokenizer scans each file, extracts the AuricVault® tokens, sends the tokens to the AuricVault® service, and

  4. receives back the original data.

  5. The batch process then:

    • Replaces the AuricVault® token with the original cardholder account number.

    • GPG encrypts the final batch file.

    • Uses SFTP to upload the batch file to each company’s account.

Security

The Auric services completely remove the credit card data from the telemarketer’s data flow.

Auric also:

  • introduced OpenPGP public/private key encryption into the data flow.

  • migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.

Outbound Edge De-Tokenization

An order management firm aggregates repeat orders for multiple companies. Clients sign up for products to be delivered monthly and quarterly. The order management firm forwards the sales order to the end company on the requested schedule via JSON web API.

Goal

Comply with the Payment Card Industry Data Security Standard (PCI-DSS) requirements by removing the credit card account number from the telemarketing firm’s environment.

Solution

The telemarketing firm was already using an embedded HTML iFrame hosted on the AuricVault® servers to collect and tokenize the credit card account number.

A de-tokenization web proxy service accepts outbound JSON-RPC web API requests from the order management firm, replaces the AuricVault® token with the original credit card data, and then securely forwards the order information to the end company.

Auric deployed this solution with minimal change to the firm’s existing environment:

  • a minor code change to post data to the outbound edge proxy vs. the end companies.

  • updated their rules.

Auric forwarded new source IP addresses to the end companies.

Data Flow

Figure: Outbound PCI proxy data flow.

The Order Management Service (OMS) uses the AuricVault® service to tokenize credit card account numbers. The card data now needs to be sent to various clients or business partners.

  1. The Order Management Service sends a JSON API request to Auric’s Outbound PCI Proxy Service.

  2. The proxy service extracts the token from the request and sends the token to the AuricVault® service.

  3. The AuricVault® service returns the original credit card data.

  4. The proxy service replaces the token in the API call with the original credit card data and forwards the JSON API request to the appropriate company.

Security

NOTE: The Auric JSON-RPC Proxy Service can manage different API calls to different processors. It is not limited to JSON interfaces. It supports XML, SOAP, HTML web forms, and custom data formats.

The Auric services completely remove the credit card data from the order management firm’s data flow.

Multiple Payment Processor Tokens

An order management service (OMS) website accepts orders for multiple companies. Each order may contain purchases from multiple companies. The OMS forwards orders to each company. Each company uses a different payment processor.

Goal

Remove credit cards from the order management service’s environment while providing each company with a token specific to their payment processor.

Solution

The order management service (OMS) uses an HTML iFrame hosted on the PCI-compliant AuricVault® servers to collect and tokenize the customer’s credit card number.

The OMS then makes multiple calls to the AuricVault® Token Swap™ service to create processor-specific tokens for each company.

The OMS forwards the processor-specific tokens in the company’s order.

The OMS does not need to integrate with each payment processor — just the AuricVault® Token Swap™ service. The single AuricVault® Token Swap™ interface reduces integration complexity.

Data Flow

Figure: Token Swap data flow.

The company has already created AuricVault® tokens while collecting inbound orders.

  1. The Order Management service sends an AuricVault® token to the AuricVault® Token Swap service and requests a token for a specific payment processor.

  2. The AuricVault® Token Swap service de-tokenizes the credit card account number, forwards it to the proper payment processor, and receives a processor-specific token back.

  3. The AuricVault® service returns the processor-specific token to the Order Management service.

  4. The Order Management service forwards the order containing the processor-specific token to the appropriate company.

Security

The AuricVault® service completely removes the credit card number from the OMS data flow.

The end-company receives the secure payment-processor specific token.

Deferred Ticket Orders

Employees at a major event venue can request event tickets months in advance:

  • A nationally-recognized ticket service manages the final ticket sales.

  • The venue has access to ticket sales before the public.

  • The venue manually retrieves the locally-requested ticket requests and enters them into the national ticket management service.

  • The employee credit card information must be secured until it is transferred to the ticket service.

Goal

Do not store the employee’s credit card account number locally.

Solution

Auric developed two custom HTML iFrames for tokenizing and de-tokenizing the credit card account number.

The custom tokenizing iFrame checked that the expiration date on the credit card was later than the event date.

Data Flow

Figure: Deferred tickets data flow.
  1. The Venue Reservation service requests an AuricVault® browser-side encryption session.

  2. The AuricVault® service generates a one-time use session ID.

  3. The Venue’s service includes the session ID in the ticket reservation page, and passes it to the secure iFrame hosted on Auric’s PCI-compliant servers.

  4. After the employee enters their billing information, the secure iFrame sends the session ID and the credit card account number to the AuricVault® service.

  5. The AuricVault® service tokenizes the credit card account number and returns a token to the secure iFrame. The secure iFrame provides this token to the parent checkout page.

  6. The Checkout page submits the employee’s general billing information and AuricVault® token back to the Venue Reservation service.

  7. When the actual tickets are available in the third-party ticketing service and a venue employee logs into the Venue Reservation service to retrieve cardholder information, the Venue Reservation service requests another session ID.

  8. The AuricVault® service returns the new session ID.

  9. The Venue Reservation service provides the session ID and the AuricVault® token to the employee’s browser and passes the information to a secure iFrame hosted on Auric’s PCI compliant servers.

  10. The Secure iFrame sends the session ID and AuricVault® token to the AuricVault® service, and

  11. receives back the decrypted original credit card account number.

  12. A venue employee then completes the order with the third-party ticketing service.

Security

The AuricVault® solution improved security by removing stored employee credit card account numbers from the venue’s servers.

Background/Credit Checks

A firm specializing in background and credit checks maintains multiple pieces of Personally Identifiable Information (PII), including social security numbers, credit card account numbers, birthdates, maiden names, etc.

Goal

Remove PII data stored on the firm’s servers with only minor changes to their legacy application. The firm was already PCI compliant and wanted to reduce the amount of sensitive data stored locally.

Solution

The firm modified their legacy application to use the AuricVault® service to tokenize certain data fields (and to perform the reverse de-tokenization).

This change allowed the client to maintain their existing legacy system while reducing the amount of PCI and PII data stored on their servers.

Data Flow

Figure: Background checks storing Personally Identifiable Information.
  1. Agents collect Personally Identifiable Information (PII) on a web page that submits that information to the Web Application.

  2. The Web Application sends the individual pieces of PII to the AuricVault® service, and

  3. receives back tokens.

  4. When the data needs to be reviewed, the Web Application sends the token to the AuricVault® service, and

  5. receives back the original PII data;

  6. which is then displayed for another agent.

Security

  • Reduced PCI footprint (local storage).

  • Better adherence to many PII (privacy) laws with regard to data storage.

Failover Tokenization

A high-volume website provides 30-day free access after you enter your credit card information. The site uses an embedded iFrame to tokenize the credit card data directly with their payment processor. The website has experienced periodic outages with their payment processor.

Goal

Provide an alternative credit card account storage solution in the event of an outage at the primary payment processor.

Solution

A custom HTML iFrame hosted on the Level 1 PCI Compliant AuricVault® servers can be programmatically switched in when the website encounters problems communicating with the primary payment processor.

Once communication with the primary payment processor is restored, the website uses the Token Swap™ service to convert the AuricVault® tokens into payment processor tokens.

Security

The AuricVault® solution adds secure redundancy to the website’s primary payment processor interface.