Outbound Batch Detokenization
The telemarketing firm uploads encrypted batch files (OpenPGP public/private key encryption) containing donor information and the AuricVault® token to an Auric-managed, PCI-compliant SFTP server. The batch files have different layouts for each client and are delivered in .csv, fixed-field, tab, and .xls/.xlsx formats.
The custom Auric service:
- transfers each batch to a secure processing server.
- decrypts the batch file.
- scans each batch file and convert AuricVault® tokens into credit card numbers.
- Uses OpenPGP to encrypt the resulting file with the client’s public encryption key.
- uploads the encrypted file to the SFTP service for client pickup.
Outbound Data Flow
Outbound batch data flow.
- The telemarketer uploads GPG encrypted files with tokenized data to Auric’s PCI secure SFTP server.
- The encrypted files are securely transferred to the Auric Batch De-tokenizer server.
- A batch process decrypts then scans each file to extract an AuricVault® token. The batch de-tokenizer scans extracts tokens from each file, sends the tokens to the AuricVault® service, and
- receives back the original data.
The batch process then:
- Replaces the AuricVault® token with the original cardholder account number.
- GPG encrypts the final batch file.
- Uses SFTP to upload the batch file to each company’s account.
Security
The custom Auric Batch Detokenization service, along with the custom Inbound Edge Tokenization service completely removed the credit card data from the telemarketer’s data flow.
Auric also:
- introduced OpenPGP public/private key encryption into the data flow.
- migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.