ExoIS, a provider of information security and compliance services and products and a PCI-qualified security assessor, has released PeepSafe 2.0 to allow organizations to move the storage and transmission of cardholder data to a PCI-compliant, hosted environment.
PeepSafe is a fully managed, fully customizable, secure portal environment incorporating encrypted email, fax, voice messages, online storage, and safe processing of cardholder data. Voice-only environments can be completely de-scoped by PeepSafe, removing the risk of at-home agents. It can also de-scope entire call centers and ensure that corporate call recording systems are fully PCI-compliant to help reduce the risk of agent fraud. The solution incorporates a tokenization engine and integrates with any internal application or database and any payment gateway.
PeepSafe can also be used to address other compliance drivers, such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA). In addition, existing non-compliant business processes can be adapted and relocated into the compliant portal environment, while still allowing users to retain essential business practices and functionality.
Key PeepSafe features include the following:
- Tokenization Engine: Any PCI or sensitive data within any local application or system can be tokenized and managed via the token engine residing in the portal, thus eliminating the need for expensive controls to be introduced into corporate networks. The portal acts as an agent between the payment gateway and local systems, transmitting only non-sensitive data back to the merchant. This same technology allows for de-scoping of voice transactions with minimal process changes required.
- Secure Encrypted Email: PeepSafe users can access their individual accounts within a fully secured, encrypted, audit-enabled email system housed and managed within the portal. Non-portal users can send email into the secure system; the messages are encrypted before they are stored. The system can auto-provision non-users with time-limited guest accounts to receive responses to their emails.
- Secure Fax: Secure Fax is a secure, encrypted alternative to traditional fax machines and eliminates the need for stringent physical, logical, and procedural controls within the corporate office. The secure fax is encrypted on receipt and then transferred transparently to a secure mailbox.
- Data Loss Prevention (DLP): DLP specifically designed to track cardholder data is deployed wherever account data is stored, processed, or transmitted, to prevent user-initiated leakage from the portal, whether intentional or unintentional. It can also prohibit cardholder data from accidentally being reintroduced into a corporate network by redirecting and quarantining it within the portal.
- Secure Vault: Secure Vault stores cardholder data encrypted at the source to prevent data from multiple cards from being displayed at any one time. Secure Vault capabilities include a full audit trail of activities, two-factor authentication, secure email notifications, credential masking, alerts, and reporting.
- Secure File Upload: The secure file upload capability allows any file type to be uploaded and saved instantaneously into an encrypted directory on a portal-hosted encrypted file share.
- Remote Desktop: Each PeepSafe user has a terminal session to a customizable remote desktop where they can view and manipulate files and access payment gateways to enter credit card and other customer information. A virtual keyboard, secure printing to local devices, and many other features are available from the desktop.
"Increased numbers of sophisticated data breaches involving cardholder data and associated credit card fraud continue to persist, making PCI compliance a challenge that all levels of merchants must overcome," said Ruth Xovox, chief compliance strategist at ExoIS. "By deploying PeepSafe, organizations can de-scope entire functions or network segments and dramatically reduce their PCI footprint by ensuring that cardholder information is not accidentally re-introduced into their corporate environments. We believe that PeepSafe is the only fully integrated, compliant SaaS solution available today."