We simplify PCI compliance for companies running QAD®
 

Zencurity® compliance platform
by Bright Lion®


Protecting Sensitive Data

Securing payment data, which currently can exist on your enterprise network in both card-not-present and ecommerce transactions, becomes a snap with Zencurity by Bright Lion.

There are three core elements to our solution:

  • Sensitive data-entry protection

  • The Zencurity by Bright Lion network

  • P2PE tokenization

By combining these security elements, your application network – including user workstations – is kept entirely out of scope for PCI DSS compliance. This increases the ease of compliance for your company while maximizing security for your customers.

How Zencurity by Bright Lion Works

One simple solution for all your PCI compliance.

When Zencurity is integrated in your systems, your application servers, web servers, and other servers are shielded from exposure to sensitive payment data. This means that they stay out of scope for PCI DSS compliance requirements. 

Payments are seamlessly integrated with your current ERP and other internal sales and ecommerce systems, and sensitive payment data is removed from your local environment.

With this secure business continuity, Zencurity enables users to reduce their annual self-assessment requirement from SAQ-D to the minimal SAQ-A for ecommerce or SAQ-P2PE for back-office environments. This expedites an otherwise labor-intensive process, makes better use of staff time, and significantly reduces compliance-related costs.


Zencurity for Back-Office Compliance

Great for Call Centers, Inside Sales, and Accounts Receivable

PROBLEM

How can I assure that no personal data is collected during an inbound sales call?

SOLUTION

Use Zencurity, tokenization, and our automated entry safeguards to eliminate the possibility of insecure data entry.


A Point-to-Point Encryption (P2PE) keypad device is attached to each workstation where new payment cards will be entered, such as those for a new sales order. This device is certified as PCI-validated, including for chain-of-custody management, and your customer’s Primary Account Number (PAN) is entered on the device keypad. The PAN is visible on the device display so that it can be read back to the customer for confirmation; it is then encrypted.

This encrypted string comprises fully devalued data, which isn't classified as sensitive payment data. The string is sent from the workstation via your application server to the Zencurity SaaS network. Zencurity manages the decryption and tokenization processes and returns a token that represents the PAN for storage on your application server.

In order to ensure that there's no exposure to the PAN on the workstation or the application network, Zencurity automatically prevents entry of a PAN into the active field and frame on the workstation; it also prevents entry into other text fields in other frames. That is, users are not allowed to type a PAN-like string – they can enter it only with the designated P2PE device keypad. Per PCI DSS guidelines, the validated P2PE device is considered unexposed.
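The kind of check that refusing a "PAN-like string" in a text field implies, as an added example (not Bright Lion's code; the function names `luhnValid`, `findPanLike` and `acceptFieldValue` and the sample inputs are constructed for illustration): find 13 to 19 digit runs, allow spaces or hyphens between digits, and confirm with the Luhn checksum.

```javascript
// Added illustration: detect PAN-like input so a form field can refuse it.
// Hypothetical helper names; this is not the Zencurity implementation.

// Luhn checksum: from the right, double every second digit
// (subtracting 9 when the result exceeds 9) and require sum % 10 === 0.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// 13-19 digits, optionally separated by single spaces or hyphens,
// and not embedded in a longer run of digits.
const CANDIDATE = /(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/g;

// Return the offset and a masked form (last four digits only) of each hit,
// so the detector's own log output never contains a full PAN.
function findPanLike(text) {
  const hits = [];
  for (const m of text.matchAll(CANDIDATE)) {
    const digits = m[0].replace(/[ -]/g, "");
    if (luhnValid(digits)) {
      const masked = "*".repeat(digits.length - 4) + digits.slice(-4);
      hits.push({ index: m.index, masked });
    }
  }
  return hits;
}

// Field guard: a value is acceptable only if it holds no PAN-like string.
function acceptFieldValue(value) {
  return findPanLike(value).length === 0;
}

// Constructed sample inputs (well-known test card numbers, not real cards).
console.log(acceptFieldValue("Order 20240117, ship to 42 Main St")); // true
console.log(findPanLike("card 4111 1111 1111 1111 exp 12/30"));
```

The Luhn check passes one in ten arbitrary digit strings of the right length, so long order or invoice numbers will occasionally be refused by a guard like this and need an explicit exception path.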

Thanks to this process, your network would never be exposed to the PAN nor connected to any device that is exposed to the PAN. With this protection, you'll be able to complete the SAQ-A rather than SAQ-D, annually saving you months of effort and significant amounts of money.

 
 

Zencurity for Ecommerce

PROBLEM

How do I securely route communications between my enterprise network and a card authorization processor, such as Cybersource, without exposing sensitive data to my network?

SOLUTION

Use Zencurity by Bright Lion to avoid exposure to a primary account number (PAN) entirely.

Following a prompt at the initiation of the ecommerce order process, a unique, proprietary Zencurity plugin or extension gets downloaded and installed by the customer. At the appropriate time in the ecommerce process, the secure plugin automatically invokes a secure, hosted page from the Zencurity network for entry of the PAN. 


Next, Zencurity manages the PAN tokenization process, without exposing any device on your network to the PAN data, and returns the token to your enterprise’s application server. That server and your ecommerce web server provide confirmation to the customer and subsequent processing of devalued customer data as needed, without exposure to the PAN at all. 

The PAN is securely stored in the Authorization and Payment Provider’s certified card vault where the strongly encrypted card data is only represented by the token going forward.

Additionally, Zencurity by Bright Lion alone is directly involved in providing the downloadable secure plugin to the ecommerce customer. Thus, enterprise servers and the ecommerce customer’s device are kept out of scope, per PCI ecommerce guidelines.

 
 