DataDivider: Press Release

DataDivider announced at the North America annual PCI (Payment Card Industry) Community Meeting the availability of its ground breaking, patent pending, Virtual Keypad. Today, most corporations who take card payments over the phone have elected to allow their customer to continue to verbalize their card details to ensure no negative impact to the customer journey.  With DataDivider’s Virtual Keypad it is now possible, for such payments, not to expose cardholder data to the call centre data infrastructure taking the burdens of PCI controls away from desktops, networks and back end servers. Historically it has proven very expensive for corporations to establish and maintain PCI controls for phone payments.

Jon Clark, CEO at DataDivider stated, “To date, for telephone payments, only DTMF tone masking solutions have afforded corporations the ability to reduce their PCI scope and costs in meeting the industry’s stringent requirements. It is now possible for the 90% plus merchants who elected not to go this route and to “pause and resume” their call recorders to also benefit from similar cost reductions”. Jon added, “We have gone through extensive auditing with our QSA who can now attest our ability to secure the local call center desktop and not expose the local environment to cardholder data”.

“DataDivider have taken a unique approach for tackling the challenges of call center payments” said Laurent Benameur-Sauvaire, Founder of Five Security. Laurent added, “By remotely securing and locking down the local workstation and facilitating cardholder capture within their hosted environment they have cleverly removed opportunities of exposure to cardholder data from the local machine. This in turn can remove the network and downstream processes from exposure to cardholder data”.

“As we advance payment security to fight back against cybercrime, collaboration is crucial,” said Payment Card Industry (PCI) Security Standards Council General Manager Stephen W. Orfei. “We’re pleased to have DataDivider participating in our North America Community Meeting in Vancouver and in the work we are doing every day at the PCI Council to protect payment transactions globally.”

About Virtual Keypad

The Virtual Keypad, secured by DataDivider’s Protected Zone, operates as a secure, isolated remote desktop application.  The Virtual Keypad presents a rotary display with zero initially displayed randomly between One O’clock and Twelve O’clock. After each series of digits are collected from the cardholder the rotary display rotates, again randomly, one or two digits clockwise or counter-clockwise. This ensures that there is never a correlation between the coordinates of a mouse click and a specific digit. It is therefore impossible to reverse engineer the series of mouse clicks back to the card number. With all other functions other than mouse clicks disabled on the local machine there is no exposure to the cardholder data locally. DataDivider can either directly send cardholder data to payment processors from its PCI Level 1 Certified environment or provide merchants Tokens to keep them out of PCI scope.

About DataDivider

Founded in 2004 in the heart of Silicon Valley, DataDivider is the world’s leading PCI (Payment Card Industry) Compliant SaaS (Software as a Service) solution. DataDivider’s unique and innovative approach allows Merchants to de-scope their corporations from PCI DSS. DataDivider is a PCI DSS Level 1 Certified Service Provider which attests its conformance with all PCI controls designed to protect cardholder data.

About Five Security

Five Security is an independent information security consulting company based in Ireland and in France and operating primarily everywhere in Europe. Specializing in data security, compliance and risk management, we believe that security consulting should always be based on common sense practices and be enjoyable for our clients. Five Security delivers world-class consulting services and unparalleled support from a team of highly skilled and approachable senior consultants. Our motto is simple: providing high value, no nonsense security solutions.

About the PCI Council

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.  The Council’s five founding global payment brands — American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. — have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs. Each founding member also recognizes the QSAs, PA-QSAs and ASVs certified by the PCI Security Standards Council.