A telemarketing firm uploads encrypted batch files (OpenPGP public/private key encryption) containing donor information and the AuricVault® token to an Auric-managed, PCI-compliant SFTP server. The batch files have different layouts for each client and are delivered in .csv, fixed-field, tab, and .xls/.xlsx formats.
Goal
Securely transfer tokenized credit card data to multiple companies.
Solution
The custom Auric service:
- The telemarketing firm uploads encrypted (OpenPGP) batch files to an Auric-managed, PCI-compliant SFTP server.
- A custom Auric service on a secure processing server retrieves each batch file.
- The batch files are decrypted, detokenized, and re-encrypted with the end-client’s OpenPGP encryption key. This entire process occurs in RAM without any intermediate files being written.
- The newly encrypted file is securely uploaded to a PCI-compliant SFTP service for client pickup.
Outbound Data Flow
Outbound batch data flow.
- The telemarketer uploads GPG-encrypted files with tokenized data to Auric’s PCI secure SFTP server.
- The encrypted files are securely transferred to the Auric Batch De-tokenizer server.
- A batch process decrypts, then scans each file to extract the AuricVault® tokens. The batch de-tokenizer sends the tokens to the AuricVault® service and receives back the original data.
The batch process then:
- Replaces the AuricVault® token with the original cardholder account number.
- GPG encrypts the final batch file.
- Uses SFTP to upload the batch file to each company’s account.
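The scan-and-replace step described above, as an added Python example; it is not Auric's code. The layout table, token values, and the `lookup` callable standing in for the vault request are assumptions. The input is the already-decrypted batch text, and the returned string is what would be passed to the re-encryption step, so no intermediate file is written.

```python
import csv
import io

# Constructed per-client layouts (assumption): where the token sits in each record.
LAYOUTS = {
    "client_csv": {"kind": "delimited", "delimiter": ",", "token_col": 2},
    "client_tab": {"kind": "delimited", "delimiter": "\t", "token_col": 1},
    "client_fixed": {"kind": "fixed", "start": 10, "width": 20},
}

def parse(text, layout):
    """Return [(record, token)] from decrypted batch text held in memory."""
    if layout["kind"] == "delimited":
        rows = csv.reader(io.StringIO(text, newline=""), delimiter=layout["delimiter"])
        return [(r, r[layout["token_col"]].strip()) for r in rows if r]
    s, w = layout["start"], layout["width"]
    return [(ln, ln[s:s + w].strip()) for ln in text.splitlines() if ln]

def detokenize(text, layout, lookup):
    """Swap every token for its original value without touching disk.

    lookup is a hypothetical stand-in for the vault call: it takes a set of
    tokens and returns {token: original_value} for those it could resolve.
    """
    records = parse(text, layout)
    tokens = {tok for _, tok in records}
    values = lookup(tokens)  # one batched request per file
    if tokens - set(values):
        # Fail closed: a partially detokenized file must never be delivered.
        raise ValueError(f"{len(tokens - set(values))} token(s) unresolved")
    out = io.StringIO(newline="")
    if layout["kind"] == "delimited":
        writer = csv.writer(out, delimiter=layout["delimiter"], lineterminator="\n")
        for row, tok in records:
            row[layout["token_col"]] = values[tok]
            writer.writerow(row)
    else:
        s, w = layout["start"], layout["width"]
        for line, tok in records:
            if len(values[tok]) > w:
                raise ValueError("value does not fit the fixed-width field")
            out.write(line[:s] + values[tok].ljust(w) + line[s + w:] + "\n")
    return out.getvalue()

if __name__ == "__main__":
    # Constructed sample: a made-up token mapped to a standard test card number.
    vault = {"TOK-0001": "4111111111111111"}
    batch = "Ann,Lee,TOK-0001,25.00\n"
    print(detokenize(batch, LAYOUTS["client_csv"], lambda t: {k: vault[k] for k in t if k in vault}))
```

Raising on any unresolved token keeps a mixed file of tokens and card numbers from reaching the outbound SFTP step.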
Security
The custom Auric Batch Detokenization service, along with the custom Inbound Edge Tokenization service, completely removed the credit card data from the telemarketer’s data flow.
Auric also:
- introduced OpenPGP public/private key encryption into the data flow.
- migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.
Technologies Used
- Detokenization
- Data Separation
- Fine-grained access control
- SFTP
- OpenPGP encryption