Unique, fast and flexible, Zortrex Token Vault is unparalleled in throughput, security and integrity and is pre integrated into common financial messaging formats for quick, easy and reliable deployment into payments environments.
In today’s compliance driven marketplace, finding the right, cost effective, solution for your business is both time-consuming and fraught with risk. Zortrex offers a simple, easy to integrate solution, which removes all credit/debit card information at the boundaries of the organisation. This can dramatically simplify compliance, reducing the scope of any Cardholder Data Environment (CDE), by ensuring that internal systems are cleared and remain free of sensitive information. The Zortrex platform is a unique solution in the tokenisation marketplace because it supports major financial messaging standards, which are built into our Interception Server within the Zortrex Token Vault. As its name states, the Interception Server within Zortrex Token Vault simply intercepts existing message flows, removes and tokenises sensitive data, and passes on the intercepted message to the customer’s message bus or application.
Zortrex is not just about compliance; it’s about changing the way you handle, control and disseminate sensitive information throughout your organisation. The flexibility of Zortrex Token Vault solution allows organisations to evolve their information handling procedures to demonstrate and evidence that only staff with business “need-to-know”, have access to the sensitive data. By deploying Zortrex Token Vault solution it is possible to reduce the risk of information leakage, for example in call centres.
Zortrex platform is the result of over 75 years of combined experience in information security management and a desire to do it better, cheaper, faster and more secure, whilst maintaining business agility and secure access to data.
How Does It Work?
The Zortrex Token Vault uses a web portal for management to allow the customer to create / amend token masks and to safely and securely de-tokenise data for those few processes where the original data is required.
Zortrex Token Vault is built on the Zortrex Token engine. The Zortrex Token engine can operate with multiple token masks; ensuring that the Zortrex Token Vault can cater for all data types, lengths and formats. The platform tokenises financial messaging in-Line directly from your payment gateway and operates in a cloud agnostic manner across Public, Private, Hybrid as well as on-premise. Zortrex Tokenisation means you can tokenise once, at the earliest point in receiving sensitive data, ensuring all downstream and legacy systems remain clean and compliant. A token is NOT cryptography and CANNOT be broken or “Turned” back into sensitive data without the Token Vault and all relevant security that surrounds the Vault.
The platform provides non-relational tokenisation and reporting for card issuers and settlers. This allows customers to request a token for sensitive data that is not derived or related to the data received from the Client. The token generated will always be the same for the data presented (Static tokens) and will enable customers to run analysis on token data in the same way they currently run it for sensitive data reconciliation and fraud purposes, etc. Tokens are only swapped back when doing chargebacks or outbound payments. Sensitive information is retrieved securely in a fully auditable and traceable manner.
The customer can also request a conversion from a token into valid data and vice versa to enable troubleshooting and legal evidence requirements for legal investigative purposes. The system will provide a user definable tokenisation request (custom masks) and conversion method, along with reporting, user management, compliant audit trails and automated invoice generation. It uses tokens in downstream systems to ensure compliance to both GDPR and PCI DSS.
Takes any ISO8583 compliant message and swaps out sensitive information for tokens with a sub 100ms latency. Scales with multiple interception and Token servers, as all tokens are requested in real-time there are no collisions.
The Vault database is protected by a NIST compliant, FIPS 140-2 minimum cryptography. Attempted breaches of the token store generate alerts in real-time, locking out bad actors.
Zortrex Token Vault currently supports ISO8583 financial messages – by Q2 2019 it will support a number of data / message formats including Hadoop and DB integrations for tokenisation on ingestion.
Zortrex Tokenisation will be integrated into Zortex Blockchain products, providing flexibility and security in the Asset chain, enabling sharing of only specific information in the chain in a transaction, with all other items tokenised and only released as required via smart contract.
Q4 2019, Zortrex will offer its’ services in an “as a Service” model, pioneering the Token as a Service (TaaS) product line for SME and local government organisations.
Our story starts when our Chairwomen; Susan Brown, started “Company Policy Ltd.” back in 2017. She had seen the issues with compliance and constantly-changing legislation and decided to do something to combat this, whilst at the same time, help her fellow SME’s.
With the introduction of GDPR in 2018 and data breaches reaching a critical point, the need to protect data was becoming acute. To execute on this strategy, Susan sourced a data-protection tokenisation payment solution. The platform was conceived and written by, some might say, a dream team of Information Security Professionals, developers and architects. The Zortrex product suite is the result of over 75 years of combined experience in information security management.
The software covered compliance requirements like PCI DSS/HIPPA/FIPPA/FSA, etc. as standard and we subsequently added compliance with GDPR. Compliance is an essential requirement of doing business these days but so is combatting cyber fraud, and this is integral to our solution. Scalability and agility are also key attributes of our solution and both where incorporated from conception. Zortrex was formed by Susan in November 2017, to become the management and sales vehicle for the solution. The Zortrex platform was originally developed with inherent scalability to provide tokenised real time credit/card payments. Zortrex is now engaged in developing the platform to provide tokenisation of PII and data strings, for example: names and addresses, dates of birth, NI No’s, driving license details, passports, basically any PII information or any data string that needs to be tokenised to preserve its identity.
Within 12 months of forming Zortrex, we are now finalising the development of the platform and in tandem, are in talks with numerous corporates about implementing our solution.
It’s no time for resting on our laurels though. As new technology emerges in the digital world, new IIoT devices, particularly in health and industry are developed and come to market, we have also to develop a new cyber-security infrastructure to run parallel with this new technology. The conveyor belt of data breaches has eroded customer trust be it stolen credit card information or PII information. Tokenisation is still in its infancy but has a huge part to play in every aspect of securing government, financial, healthcare and insurance data. The potential for tokenisation to combat fraud, whether identity or financial, and to significantly reduce the black-market trading in data has to date been understated. We are, however, looking to the future, to the new digital tokenised economy.
Susan Brown – Executive Chairwoman
Max Cope – Chief Technology Officer
Graham Mann – Chief Executive Officer