TransArmor Solution ®Protect valuable payment card data with the First Data® TransArmor® solution.Secure payment card data from the point of sale and prevent it from enteringyour environment through the powerful combination of tokenization andencryption to help reduce your risk and simplify your PCI compliance effort.The Challenge The SolutionPayment card numbers are valuable and represent The First Data TransArmor solution is a powerfulprime targets for fraudsters and cyber-criminals. With payment security solution that combines the flexibility ofmore than 900 million payment card records breached software- or hardware-based encryption with random-between 2004 – 2009 , businesses have collectively 1 number tokenization. This unique layered service protectsspent more than $1B on Payment Card Industry Data merchants and consumers from the risks of transmittingSecurity Standard (PCI DSS) compliance . Securing 2 and storing vulnerable card data while leaving businesspayment card numbers and complying with PCI DSS processes intact. With the TransArmor solution, paymentrequirements are critical, but security spend and card data is protected at every transaction stage - inpotential losses from fraud can cut significantly into transit, in use and at rest - reducing risk as well as theyour bottom line, translating to average costs in 2009 scope and cost of PCI compliance.of $204 per compromised record . 3 JJ During a sale, card data is encrypted as soon asThe challenge is to find a comprehensive solution that lets it enters the merchant environment – prior to transmission – and is protected throughout theyou maintain the benefits derived from card acceptance entire transmission process.and transaction data while minimizing the risk involved JJ During the authorization process, the Primaryin transmitting and maintaining that data while also Account Number (PAN) is replaced with a randomly-reducing the scope and cost of PCI compliance. generated token value that can be used for business activities and analytics. JJ Each time a specific card is used to make a payment, the TransArmor solution returns the same token number to the merchant. This 1:1 relationship means you can track and analyze an individual customer’s buying behavior without housing payment card data in your business systems. JJ The random-number token eliminates sensitive cardholder information from the merchant environment, thereby removing systems that store the token from PCI scope and ensuring that paymentfirstdata.com card numbers cannot be identified.1 Verizon, 2010 Data Breach Investigations Report, Verizon Business RISK Team in cooperation with the United States Secret Service, 20102 Letter to Bob Russo of the PCI Security Standards Council from the National Retail Federation, et. al., June 9, 2009.3 Ponemon Institute, 2009 Annual Study: Cost of a Data Breach, January 2010
Two Layers of Security:The Industry Standard Benefits to Your BusinessPayment security is paramount for any business, however JJ Risk removed while business processes remain intact—removing sensitive card data and replacing itit is difficult to maintain constant vigilance over every with something of no inherent value outside of yourdata access point. To address the security challenge, the business secures the payment transaction flow whileTransArmor solution offers multiple layers of security that still supporting business analytics and processes.make cardholder data significantly more secure whilereducing the scope and cost of PCI compliance. The JJ Flexible, layered approach to security reducessolution offers you the flexibility to choose the encryption card data vulnerability and merchant liability— protects data with state-of-the-art tokenization andand tokenization combination that best meets your needs. encryption and removes actual card data, thereby reducing the risk of data loss, brand damage, loss of customer confidence, financial liability and litigation.Software-based encryption, supported by RSA, thesecurity division of EMC, can be installed on PC-based JJ Reduction of PCI compliance time, costs and effort—POS systems, letting you add the TransArmor solution removing sensitive card data from merchant systemswith little-to-no investment in new or upgraded hardware. also removes it from PCI scope. This minimizes theFormat-preserving, hardware-based encryption, amount of time and resources needed to meet PCI requirements.available through the VeriFone edition and offered onVeriFone devices such as the MX 800 Series and Secure • Can reduce the scope of annual PCI audits by as much as 80%4PumpPAY and Ruby SuperSystem point-of-sale (POS) • Can reduce the time PCI compliance requires solutions, requires no software changes at the POS by as much as 50% 5application level and no extra steps or training for theretailer. Multiple encryption options mean that you can JJ Minimizes IT resource allocation to implement—encrypt the data at the point-of-capture and remove it enabling businesses to maintain focus on broaderfrom PCI scope, limiting the card data environment to business initiatives. Works with First Data, VeriFonethe point-of-capture device itself. and other terminals or point-of-sale systems and can be applied across brick-and-click environments. • No new hardware in most casesWhile encryption protects the data in motion through • No changes to back-end IT systemsyour systems prior to authorization, tokenization • No employee trainingremoves the card data from your environment afterauthorization. Provided by the RSA SafeProxy architecture, JJ Solution from the market leaders in payments andtokenization replaces the primary account number with security—designed to address the challenges of payment security in partnership between First Data,a randomly generated data substitute, called a token, a leader in electronic commerce and paymentsto protect card data at rest and in use. The token retains technology, VeriFone Systems, a leading providerthe business value of payment card data that is needed of electronic payment solutions, and RSA, thefor analytical activities based on card spending. However, Security Division of EMC and leading developerthe token is of no value whatsoever to cybercriminals of information security solutions.and cannot be used to identify a card number or to 4 Interview with CoalFireSystems.fraudulently initiate new transactions. You can maintain 5 Interview with SecurityMetrics.your business processes without the risks, or costs, ofstoring card data.
TransArmor Solution ® How the TransArmor Solution Works The TransArmor solution is an industry-unique combination of encryption technology to protect sensitiveCard Present (CP) payment card data in-transit along with tokenization technology to safely store card data post authorization. Merchant Enviroment First Data Datacenter Bank 1 merchant 2 card data encrypted 3 4 issuer First Data switch 6 merchant 5 token Token Number Assigned transaction log settlement data warehouse 6 anti-fraud 4 Tokenization Technology 6 analytics 1. Consumer presents card to merchant POS or fuel pump 2. Card data is encrypted and transmitted to First Data front-end 3. First Data front-end decrypts the data payload 4. Card data is sent to issuing bank for authorization and , in parallel, tokenized 5. Token is paired with authorization response and sent back to the merchant 6. Merchant stores token instead of card data in their environment and uses token for subsequent business processes