Edinburgh-based Zortrex, a disruptive data security start-up, has launched Zortrex Token Vault. Designed to help organisations reduce the cost and complexity of protecting against data breaches, ensure customer privacy and compliance with ever-changing regulatory requirements, Zortrex Token Vault is a scalable and secure platform that tokenises messages in-line, removing and storing sensitive data such as credit/debit card information at the boundaries of an organisation.

The global tokenisation market was valued at USD 685.78 million in 2016 and is projected to reach USD 4272.54 million by 2025. As an agile new start-up with a team that has over 75 years of combined experience in information security management, Zortrex is targeting ambitious growth, setting out a strategy to become the tokenisation vendor of choice within the financial sector.

Ensuring regulatory compliance

Zortrex Token Vault is built on the Zortrex Token engine, which can operate with multiple token masks, meaning it can be used to tokenise any data or string of data. Tokenisation doesn't rely on encryption keys so organisations don't have to worry about managing sensitive data - security travels with the data while it’s at rest, in use and in motion. As a result, no additional security methods are required to provide protection when information leaves the business.

Zortrex Token Vault is a scalable and future-proof system, built from the ground up to address the unique requirements of the financial sector. It handles and controls sensitive data and supports common financial messaging standards, including ISO 8583/20022, DB and Hadoop, ensuring quick and easy deployment into payment environments.

Zortrex Token Vault is fully compliant with the worldwide Payment Card Industry Data Security Standard (PCI DSS) that was set up to help businesses process card payments securely and reduce card fraud. Organisations can meet their obligations under PCI DSS and protect financial information such as credit and debit card numbers by tokenising the data at source.

In addition to tokenising financial data, organisations can also protect other sensitive data such as bank account numbers, national insurance numbers, customer details, addresses, date of birth or any other piece of personal data. The platform meets the standards set out in ISO27001, is GDPR compliant and also addresses specific sector regulations including US-based FIPPA and HIPPA.

“Technology is driving transformation within the financial services sector, and tokenisation is changing the way sensitive information is handled, controlled and disseminated throughout organisations,” said CEO Steve Clarke.

“The security threat landscape continues to expand, and financial services providers have a moral and legal responsibility to protect customers’ personal data. Notwithstanding the reputational risk associated with a data breach, non-compliance with an ever-increasing raft of regulatory and legislative compliance requirements, can lead to punitive fines,” he added.

Flexible solution

Zortrex Token Vault seamlessly integrates with clients’ legacy services and systems, allows organisations to evolve how they manage sensitive information. Zortrex Token Vault fully protects sensitive customer information in a secure, NIST-compliant, encrypted database; tokenised data can be stored in the same size and format as the original data; and tokens with business relevant token masks, safely provide staff with the information they need to do their jobs. 

The flexible solution provides protection from a centralised control point. Customers can create or amend token masks as well as safely and securely de-tokenise data, in instances where the original data is required, via a web portal. The platform can be deployed as a Software as a Service (SaaS) in the cloud, in a hybrid cloud/on-premises model or entirely on a customers’ premises.

Its capabilities include the ability to intercept sensitive information in-line and process all transactions in real-time, on and offline. The platform is consistent, reliable and repeatable; returns data to customer systems with an average 100ms process time; and provides real-time audit reporting capability, digital payment transactions and digital tokenised security.

“The best way to protect against cyber-attack is to devalue sensitive data, Zortrex Token Vault protects and secures information, providing proactive security measures for preventing data breaches, replacing sensitive data with a unique identification code which if lost or stolen, is useless to cybercriminals,” Clarke concluded.