Reduce risk and compliance scope with VirtuCrypt
Futurex’s VirtuCrypt provides secure and compliant solutions for data encryption and key management. VirtuCrypt does the heavy cryptographic lifting so that you don’t have to. Its physical devices and facilities are certified for compliance with all major regulatory standards. VirtuCrypt significantly reduces risk, compliance scope, and cost for organizations of all sizes and industries.
The Accredited Standards Committee X9 (ASC X9) provides compliance guidelines for organizations that handle PIN and POS transactions. These guidelines, called TR-39, provide the framework for keeping transactions that take place within ATMs or POS terminals secure.
VirtuCrypt employs Solutions Architects to provide training, helpdesk services, and audit preparation services for clients to help meet TR-39 guidelines.
The training and accreditation allow our Solutions Architects to view your infrastructure from an auditor’s perspective. They’ll design your VirtuCrypt solution from the ground up with compliance in mind the whole way.
The Federal Information Processing Standards (FIPS) are used to grade cryptographic devices on their security. The current standard for security is FIPS 140-2.
Not only does Futurex meet this standard, we meet it up to level 3. All of VirtuCrypt’s devices are validated according to FIPS 140-2 Level 3. They lead the industry in both physical and logical security.
Check out our FIPS 140-2 Level 3 validations in the official certificate database:
Futurex GSP3000 FIPS validation
The Payment Card Industry Data Security Standard (PCI DSS) outlines technical requirements to protect cardholder data during payment transactions and while stored.
Achieving full compliance involves a high level of data security. This in turn requires hardware-based cryptography. The VirtuCrypt cloud environment is a compliant and cost-effective way to achieve compliance by deploying Futurex’s cloud HSMs.
VirtuCrypt cloud HSMs – just like their hardware counterparts – comply with all major security standards, while VirtuCrypt itself undergoes regular PCI DSS audits.
The Payment Card Industry PIN Transaction Security: Hardware Security Module standard defines the requirements for cryptographic modules’ design, manufacture, and deployment.
The devices used for VirtuCrypt’s cloud services are validated as compliant with PCI HSM, providing organizations with the assurance that the cloud they’ve chosen is treating their data with the utmost security, both logical and physical.
Organizations need to encrypt payment card data immediately after interacting with a POS device. Payment card data should be decrypted until it reaches the payment processor. This mitigates the consequences of a data breach.
Using Futurex HSMs, VirtuCrypt secures sensitive data endpoints with point-to-point encryption (P2PE). P2PE is a standard used for encrypting data in transit from the Point of Interaction (POI) until it is stored in the host servers.
Futurex’s VirtuCrypt cloud payment HSMs offer a PCI P2PE validated decryption management service component, making it easier for organizations to meet their compliance requirements while keeping data secure at each point of transmission.
Organizations are required to adhere to a rigid set of standards for secure management, processing, and transmission of personal identification number (PIN) data during card transactions. It is essential that the extremely sensitive PIN along with other card details are not compromised in order to avoid fraud and theft.
VirtuCrypt implements the highest level of compliance standards for PCI PIN in all procedures, processes, and hardware. VirtuCrypt services undergo annual audits to ensure that all environmental compliance and certification requirements are met and maintained. All with Futurex’s market-leading FIPS 140-2 Level 3 and PCI HSM validated technology.
Futurex takes the hassle out of cloud compliance audits. Our Solutions Architects perform on-site assessments of IT infrastructure to help you secure your system and pass your audit.
VirtuCrypt automatically logs cryptographic functions. These logs can be accessed by auditors with special account permissions. Customers also have the option to export audit logs to external syslog servers through VirtuCrypt, if needed.