Protecting Sensitive Data
Securing payment data, which currently can exist on your enterprise network in both card-not-present and ecommerce transactions, becomes a snap with Zencurity by Bright Lion.
There are three core elements to our solution:
Sensitive data-entry protection
The Zencurity by Bright Lion network
P2PE tokenization
By combining these security elements, your application network – including user workstations – is kept entirely out of scope for PCI DSS compliance. This increases the ease of compliance for your company while maximizing security for your customers.
How Zencurity by Bright Lion Works
One simple solution for all your PCI compliance.
When Zencurity is integrated in your systems, your application servers, web servers, and other servers are shielded from exposure to sensitive payment data. This means that they stay out of scope for PCI DSS compliance requirements.
Payments are seamlessly integrated with your current ERP and other internal sales and ecommerce systems, and sensitive payment data is removed from your local environment.
With this secure business continuity, Zencurity enables users to reduce their annual requirement for SAQ-D down to the very minimum SAQ-A for ecommerce or SAQ-P2PE for back-office environments. This expedites an otherwise labor-intensive process, makes better use of staff time, and significantly reduces compliance-related costs.
Popular Use Cases for Zencurity
Do you need to be certain that customers are entering cardholder data only on the intended site, even if an ecommerce webserver gets hacked?
If your ecommerce web server is not in a PCI-validated host, Zencurity provides a viable alternative to the cost and complexity of SAQ-D by qualifying you for the simplicity of SAQ-A.
Does your organization need access to the latest payment technologies?
Zencurity supports a wide range of payment options, and we can even help you easily preauthorize and process virtual card numbers while avoiding common tokenization issues.
Has it been hard to get your authorization and settlement providers to play nice?
A fully agnostic service, Zencurity works great with multiple payment processors.
Are you concerned about payment information ending up in the wrong fields of your sales-order application?
Zencurity automatically blocks Personal Account Numbers (PAN) from being entered in any wrong field. The service works with P2PE devices to keep all critical cardholder data right where it belongs: out of sight.
Do you need extra-strong protection for sensitive account data?
Zencurity goes the extra mile to ensure that credit card numbers – and card-verification value (CVV) codes – can be entered ONLY via a PCI-validated Point-to-Point Encryption (P2PE) keypad.
Are you using QAD® Enterprise Applications and accepting payment cards, but not quite sure how to maintain compliance?
Zencurity has you covered: it's the only payment-card security and compliance solution for the QAD environment, and you can get it from our partner ProStar Software - sold as Credit Card Integration + Enhanced Compliance (CCI+EC).
Zencurity for Back-Office Compliance
Great for Call Centers, Inside Sales, and Accounts Receivable
PROBLEM
How can I assure that no personal data is collected during an inbound sales call?
SOLUTION
Use Zencurity, tokenization, and our automated entry safeguards to eliminate the possibility of insecure data entry.
A Point-to-Point Encryption (P2PE) keypad device is attached to each workstation where new payment cards will be entered, such as those for a new sales order. This device is certified as PCI-validated, including for chain-of-custody management, and your customer’s Personal Account Number (PAN) is entered on the device keypad. Your customer’s PAN will be visible on the device display so that it can be read back to the customer for confirmation; it is then encrypted.
This encrypted string comprises fully devalued data, which isn't classified as sensitive payment data. The string is sent from the workstation via your application server to the Zencurity SaaS network. Zencurity manages the decryption and tokenization processes, resulting in a token that represents the PAN being returned for storage on your application server.
In order to ensure that there's no exposure to the PAN on the workstation or the application network, Zencurity automatically prevents entry of a PAN into the active field and frame on the workstation; it also prevents entry into other text fields in other frames. That is, users are not allowed to type a PAN-like string – they can enter it only with the designated P2PE device keypad. Per PCI DSS guidelines, the validated P2PE device is considered unexposed.
Thanks to this process, your network would never be exposed to the PAN nor connected to any device that is exposed to the PAN. With this protection, you'll be able to complete the SAQ-A rather than SAQ-D, annually saving you months of effort and significant amounts of money.
Testimonials
Zencurity for Ecommerce
PROBLEM
How do I securely route communications between my enterprise network and a card authorization processor, such as Cybersource, without exposing sensitive data to my network?
SOLUTION
Use Zencurity by Bright Lion to avoid exposure to a personal account number (PAN) entirely.
Following a prompt at the initiation of the ecommerce order process, a unique, proprietary Zencurity plugin or extension gets downloaded and installed by the customer. At the appropriate time in the ecommerce process, the secure plugin automatically invokes a secure, hosted page from the Zencurity network for entry of the PAN.
Next, Zencurity manages the PAN tokenization process, without exposing any device on your network to the PAN data, and returns the token to your enterprise’s application server. That server and your ecommerce web server provide confirmation to the customer and subsequent processing of devalued customer data as needed, without exposure to the PAN at all.
The PAN is securely stored in the Authorization and Payment Provider’s certified card vault where the strongly encrypted card data is only represented by the token going forward.
Additionally, Zencurity by Bright Lion has the only direct involvement in providing the downloadable secure plugin for the ecommerce customer. Thus, enterprise servers and the ecommerce customer’s device are kept out of scope, per PCI ecommerce guidelines.
Testimonials
