Ensured the Security and Privacy of Sensitive Data

Case Study at a Glance:

  • Industry: Software Solution Company
  • Company: Under NDA
  • Company Size: 100+ employees
  • Site: Under NDA

The Client

The software solution company provides secure data solutions to businesses dealing with sensitive data. They offer a suite of tools that facilitate the capture of numeric privacy data without exposing that privacy data to the local machine where users operate. Their Secure Cloud is a Level 1 Service Provider certified PCI DSS compliant environment, ensuring that their clients' data is secure and meets regulatory requirements.

Their solutions include the Virtual Keypad, which provides a mechanism for numeric privacy data to be entered securely by mouse click, ensuring that the mouse click coordinates are valueless to potential hackers. They also offer tokenization and other methods of passing on data without exposing it to company infrastructure.

In addition to their secure data solutions, their Secure Browser provides a secure environment for agents to access sensitive data, ensuring that frames and images are protected and inaccessible to any would-be hackers.

Client's Requirements

The client needed a secure and reliable way to capture numeric privacy data without exposing it to the local machine where agents operate. This was crucial to ensure the safety and privacy of sensitive data such as credit card details. The client required a solution that would:

  • Securely capture numeric privacy data without exposing it to the local machine.
  • Provide a mechanism for agents to enter numeric privacy data using mouse clicks.
  • Ensure that the mouse click coordinates are valueless to potential hackers.
  • Adhere to strict validation rules for numeric privacy data, such as credit card numbers.
  • Tokenize or pass on captured privacy data to third parties without exposing it to the company infrastructure.

Solution Provided

Agile Soft Systems provided the client with a Virtual Keypad, which is part of its suite of tools that facilitate the capture of numeric privacy data without exposing that privacy data to the local machine where users operate. This technique is called Data Capture Cloaking.

The Virtual Keypad runs within the client's Secure Cloud, which is a Level 1 Service Provider certified PCI DSS compliant environment. The Virtual Keypad is visualized to the agent through the client’s Secure Browser running on their local machine. The Virtual Keypad provides a mechanism by which numeric privacy data can be entered by mouse click such that the mouse click coordinate is valueless to a potential hacker who has breached the local agent machine. To achieve this, the following measures were taken:

  • The Virtual Keypad app runs within the client’s Secure Cloud, where cardholder data (CHD) is processed.
  • The Virtual Keypad is visualized on the agent desktop through the client’s Secure Browser, which ensures that frames and images are protected and inaccessible to any would-be hacker.
  • The Virtual Keypad uses alternative approaches to the Numpad, such as a circular Keypad with a randomized zero position or a scrambled Numpad. These approaches eliminate the possibility of potential reverse engineering of privacy data from the mouse click coordinates.
  • Strict validation rules for numeric privacy data, such as the Primary Account Number (PAN) of a credit card, are adhered to.
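
The scrambled-Numpad measure and the PAN validation step can be sketched as follows. This is an added example, not code from the client or from Agile Soft Systems. It assumes a 3-column grid of 60 px cells, a layout drawn once per session, the Luhn check digit plus a 12 to 19 digit length bound as the validation rule, and a random string standing in for a real tokenization service.

```python
import secrets

COLS, CELL_PX = 3, 60  # assumed geometry: 3 columns of 60 px square cells, 10 cells used

def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test plus a 12-19 digit length bound (assumed rule set)."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class KeypadSession:
    """Cloud-side state for one scrambled keypad; the layout never reaches the agent machine."""

    def __init__(self, layout=None):
        if layout is None:
            layout = list("0123456789")
            secrets.SystemRandom().shuffle(layout)  # CSPRNG-backed shuffle per session
        if sorted(layout) != list("0123456789"):
            raise ValueError("layout must be a permutation of the ten digits")
        self._layout = list(layout)
        self._digits = []

    def cell_center(self, digit: str):
        """Where a digit is drawn in this session (used by the renderer and by tests)."""
        row, col = divmod(self._layout.index(digit), COLS)
        return col * CELL_PX + CELL_PX // 2, row * CELL_PX + CELL_PX // 2

    def click(self, x: int, y: int) -> None:
        """Translate a click reported by the agent's browser into a digit, server side."""
        col, row = x // CELL_PX, y // CELL_PX
        cell = row * COLS + col
        if not (0 <= col < COLS and 0 <= row and cell < len(self._layout)):
            raise ValueError("click outside the keypad")
        self._digits.append(self._layout[cell])

    def submit(self) -> str:
        """Validate the captured PAN and hand back only an opaque token."""
        pan = "".join(self._digits)
        self._digits.clear()
        if not luhn_valid(pan):
            raise ValueError("PAN failed validation")
        return secrets.token_urlsafe(16)  # stand-in for a real tokenization service
```

With a layout that stays fixed for the whole session, repeated digits still produce repeated coordinates; reshuffling after every click removes that pattern at the cost of slower entry.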

Value Added to the Client

The Virtual Keypad provided by Agile Soft Systems offered the following value to the client:

  • Ensured the security and privacy of sensitive data such as credit card details.
  • Provided a secure and reliable way to capture numeric privacy data without exposing it to the local machine.
  • Enabled agents to enter numeric privacy data using mouse clicks, which is more convenient and efficient than manual entry.
  • Eliminated the possibility of potential reverse engineering of privacy data from the mouse click coordinates.
  • Adhered to strict validation rules for numeric privacy data, such as the Primary Account Number (PAN) of a credit card.
  • Allowed for captured privacy data to be tokenized or passed on to third parties without exposing it to the company infrastructure.