ExoIS Inc., a provider of information security and compliance services and products and a PCI Qualified Security Assessor Company (QSAC), announced on Monday the release of PeepSafe 2.0, which gives organizations the ability to de-scope their corporate environments by implementing processes that move the storage and transmission of cardholder data to a PCI-compliant, hosted environment.
PeepSafe is a cost-effective, fully managed, fully customizable, secure portal environment incorporating encrypted email, fax, voice messages, online storage and safe processing of cardholder data. PeepSafe implementation can be rapid and have minimal effect on existing business processes.
Voice-only environments can be completely de-scoped by PeepSafe, removing the risk of “at home agents.” PeepSafe is also able to de-scope entire call centers and ensure that corporate call recording systems are fully PCI compliant to help greatly reduce the risk of agent fraud. The solution incorporates a tokenization engine and integrates with any internal application or database and any payment gateway.
“As we’ve seen from recent high-profile breaches, it is incredibly important that contact centers improve data security and eliminate sensitive cardholder data from recorded calls,” said Cameron Ross, Managing Director of Veritape. “PeepSafe coupled with our CallGuard solution is the simplest and quickest way for organizations to comply with PCI DSS guidelines on call recording. It also helps take large chunks of their organization, such as their contact centers, out of scope entirely.”
PeepSafe can also be used to meet other compliance drivers such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA). In addition, existing non-compliant business processes can simply be adapted and relocated into the compliant portal environment, while still allowing users to retain essential business practices and functionality.
“Increased numbers of sophisticated data breaches involving cardholder data and associated credit card fraud continue to persist, making PCI compliance a challenge that all levels of merchants must overcome,” said Ruth Xovox, chief compliance strategist at ExoIS. “By deploying PeepSafe, organizations can de-scope entire functions or network segments and dramatically reduce their PCI footprint by ensuring that cardholder information is not accidentally re-introduced into their corporate environments. We believe that PeepSafe is the only fully integrated, compliant SaaS solution available today.”
All PeepSafe functionality is hosted behind an encrypted portal, accessible via an encrypted SSL tunnel. The portal provides multiple layers of security, including secure role and access management, audit trails and full integration with a large number of applications and authentication directories and single sign-on capabilities.
Any PCI or sensitive data within any local application or system can be tokenized and managed via the token engine residing in the portal, eliminating the need for expensive controls to be introduced into corporate networks. The portal acts as an agent between the payment gateway and local systems, transmitting only non-sensitive data back to the merchant. This same technology allows for de-scoping of voice transactions with minimal process changes required.
PeepSafe users are able to access their individual accounts within a fully secured, encrypted, audit-enabled email system which is housed and managed within the portal. Non-portal users are able to send emails into the secure system, which are encrypted before they are stored. The system can auto-provision non-users with time-limited guest accounts to receive responses to their emails.
Secure Fax is a simple, secure encryption alternative to traditional fax machines and eliminates the need for stringent physical, logical and procedural controls within the corporate office. The secure fax is encrypted upon receipt and then transferred transparently to your secure mailbox.
Data Loss Prevention (DLP) has been designed to track cardholder data wherever account data is stored, processed or transmitted, to prevent user-initiated intentional or unintentional leakage from the portal. It can also prohibit cardholder data from accidentally being reintroduced into a corporate network by redirecting and quarantining it within the portal.
Secure Vault stores cardholder data encrypted at the source to prevent data from multiple cards from being displayed at any one time. Secure Vault capabilities include a full audit trail of activities, two-factor authentication, secure email notifications, credential masking, alerts and reporting.
The secure file upload capability allows any file type to be uploaded and saved instantaneously into an encrypted directory on a portal-hosted encrypted file share. Each PeepSafe user has a terminal session to a customizable remote desktop where they can view and manipulate files and access payment gateways to enter credit card and other customer information. A virtual keyboard, secure printing to local devices and many other features are available from the desktop.
Available immediately, PeepSafe is a cost-effective, scalable, PCI-compliant solution for corporate applications in manufacturing, retail, finance, healthcare and other compute- and data-intensive industries.