Outbound Batch Detokenization

July 3, 2019

A telemarketing firm uploads encrypted batch files (OpenPGP public/private key encryption) containing donor information and the AuricVault® token to an Auric-managed, PCI-compliant SFTP server. The batch files have different layouts for each client and are delivered in .csv, fixed-field, tab, and .xls/.xlsx formats.

Goal

Securely transfer tokenized credit card data to multiple companies.

Solution

The custom Auric service:

  • The telemarketing firm uploads encrypted (OpenPGP) batch files to an Auric-managed, PCI-compliant SFTP server. 
  • A custom Auric service on a secure processing server retrieves each batch file.
  • The batch files are decrypted, detokenized, and re-encrypted with the end-client’s OpenPGP encryption key. This entire process occurs in RAM without any intermediate files being written.
  • The newly encrypted file is securely uploaded to a PCI-compliant SFTP service for client pickup.
     

Outbound Data Flow

[Figure: Outbound batch detokenization data flow.]

  1. The telemarketer uploads GPG-encrypted files with tokenized data to Auric’s PCI-secure SFTP server.
  2. The encrypted files are securely transferred to the Auric Batch De-tokenizer server.
  3. A batch process decrypts each file, then scans it to extract the AuricVault® tokens and sends the tokens to the AuricVault® service.
  4. The batch de-tokenizer receives back the original data.

The batch process then:

  • Replaces the AuricVault® token with the original cardholder account number.
  • GPG encrypts the final batch file.
  • Uses SFTP to upload the batch file to each company’s account.
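The token-replacement step between decryption and re-encryption, as an added example (not Auric's code): it works on byte strings only, so no intermediate file is written, and it refuses to produce output if any token is unresolved. The `lookup` callable standing in for the AuricVault® service call, the `token` column name, the `TOK_` token format and the sample rows are all assumptions; OpenPGP decryption and encryption happen before and after on the same byte strings and are not shown.

```python
import csv
import io
from typing import Callable, Dict, Iterable


class UnresolvedTokenError(Exception):
    """The vault lookup did not return a value for every token."""


def detokenize_batch(plaintext: bytes, token_column: str,
                     lookup: Callable[[Iterable[str]], Dict[str, str]],
                     delimiter: str = ",") -> bytes:
    """Replace tokens in one decrypted, delimited batch file, in memory.

    `lookup` is a hypothetical stand-in for the vault call (token -> value).
    """
    reader = csv.DictReader(io.StringIO(plaintext.decode("utf-8"), newline=""),
                            delimiter=delimiter)
    if token_column not in (reader.fieldnames or []):
        raise ValueError(f"layout has no column {token_column!r}")
    rows = list(reader)

    # One lookup for the whole batch, de-duplicated, order preserved.
    tokens = list(dict.fromkeys(row[token_column] for row in rows))
    resolved = lookup(tokens)

    # Fail closed: never emit a file that mixes tokens and card numbers.
    missing = [t for t in tokens if t not in resolved]
    if missing:
        raise UnresolvedTokenError(f"{len(missing)} token(s) not resolved")

    out = io.StringIO(newline="")
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames,
                            delimiter=delimiter, lineterminator="\r\n")
    writer.writeheader()
    for row in rows:
        row[token_column] = resolved[row[token_column]]
        writer.writerow(row)
    return out.getvalue().encode("utf-8")


# Constructed sample data: made-up tokens mapped to well-known test card numbers.
SAMPLE = (b"donor,token,amount\r\nA. Donor,TOK_0001,25.00\r\n"
          b"B. Donor,TOK_0002,40.00\r\n")
FAKE_VAULT = {"TOK_0001": "4111111111111111", "TOK_0002": "5555555555554444"}


def fake_lookup(tokens):
    return {t: FAKE_VAULT[t] for t in tokens if t in FAKE_VAULT}
```

The `delimiter` argument covers the .csv and tab layouts; fixed-field and .xls/.xlsx layouts would need their own readers in front of the same lookup and fail-closed check.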

Security

The custom Auric Batch Detokenization service, along with the custom Inbound Edge Tokenization service, completely removed the credit card data from the telemarketer’s data flow.

Auric also:

  • introduced OpenPGP public/private key encryption into the data flow.
  • migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.

Technologies Used

  • Detokenization
  • Data Separation
  • Fine-grained access control
  • SFTP
  • OpenPGP encryption
