IVR Technology Group

People. Information. Connected.

800.438.1709

Relentless Security

IVR Technology Group is a security-first organization. We regularly conduct audits to comply with regulatory requirements and seek certifications from the leading governing bodies. This enables us to offer Cardholder Tokenization and PCI Redaction services for the ultimate in compliance.

contact us

Security First

We tout that Deliver WOW As A Service is our first and most important core value. But if we included “Security First” in our core values, it would be the zeroth core value. It’s because relentless attention to the highest level of security is part of delivering WOW. You need to be absolutely confident that your communications applications adhere to the strictest security protocols and regulatory compliance.

comp-ssae
comp-pci
comp-hipaa
comp-nist
comp-hitrust
comp-fisma
comp-soc

Application Network Security: Firewalls protect our load balanced and elastic network cluster with full Internet and carrier redundancy for 99.99% uptime guarantees.

Applications Security: IVR Technology Group’s portals, services, and APIs are completely secured using multi-factor authentication, auth tokens, and IDs, plus TLS Encryption.

Physical Security: We offer state-of-the-art on-premise security with 24/7 surveillance for all of our distributed computing and storage networks with industry standard access controls.

Data Security & Privacy: We take extra precautions to mitigate risks for our customer data that may contain sensitive data such as PHI, PII, or cardholder data by utilizing at-rest encryption.

Payment Security: We use an industry leading PCI DSS Level 1 Certified payment platform for all of our transactions equipped with AES-256 Payment Encryption and do not store any credit card information.

Operational Transparency: We adhere to high operational standards and provide policies and procedures for security audits, incident response, and privacy management through NOC infrastructure monitoring.

Regulatory Compliance: We utilize a shared risk model with secure application URIs and TLS encryption to assess security risk and implement a plan that covers required physical, procedural, and technical controls.

contact us

Cardholder Data Tokenization

A component of our Security First offering the highest level of PCI compliance through cardholder data (CHD) tokenization.

Tokenization Data Flow

ivr-tokenization-diagramCustomer or source data vendor is responsible for protecting the data at rest using AES-256 encryption (encrypted or password protected file).Customer is responsible for providing an SFTP location for posting the final password protected or encrypted results file.Network traffic for project laptop will be limited to the location of source data, posting to processor for tokenization, and final destination for the tokenized records.Segmented network for tokenization project. No access to other internal networks.Designated project workstation:AES-256 full disk encryption, removable media disabled, sanitized between projectsSFTPSource ofCardholder DataDestination ofTokenized DataPayment Processor/GatewaySFTPHTTPS

What is Tokenization

The purpose of a token is to protect the consumers’ information, much like emptying a hard-drive so that a hacker doesn’t have access to your files. For example, if the customer’s actual credit card number is 1154–3656–5668–6289, once tokenized, it might become EBYV234AUD54767. The token is randomly generated, and there is no algorithm to regain the original card number. Therefore the liability and costs that merchants often associate with PCI compliance are reduced tremendously.

Why IVR Technology Group

Most organizations do not have the proper security controls in place nor the expertise to safely take the credit card information from their previous payment processor and then re-tokenize against their new payment processor. There is considerable risk involved with this process, and many organizations do not want to take the chance of potentially having a breach. IVR Technology Group’s software Engineering and ITS (IVR Technology Support) team have developed the process to protect the data from start to end. IVR Technology Group’s qualified security assessor (“QSA”) vendor reviewed the process and is part of IVR Technology Group’s PCI Level 1 attestation of compliance (“AOC”).

contact us

PCI Detection & Redaction

Automatically detect and redact sensitive information

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. Through our secure payments suite, tokenization, and redaction, we help companies adhere to strict PCI compliance.

What Is The PCI Standard? The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and procedures.
It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. You can find the 12 standards here.

Payment Security: We use an industry leading PCI DSS Level 1 Certified payment platform for all of our transactions equipped with AES-256 Payment Encryption and do not store any credit card information.

What Is PCI Detection? PCI Detection is a feature which identifies the specific start and stop time (milliseconds) of the credit card information. This flagged section of the call is passed to the customer in the JSON results for client-side redaction.

What Is PCI Redaction? PCI Redaction is a feature which identifies the specific start and stop time of the credit card information, and then redacts that sensitive information from both the audio and transcript.
For audio redaction, the API will return scrubbed recordings with flat tones where PCI info is detected, and for text redaction, we will replace the sensitive data with the term [redacted].
The value of removing sensitive information such as PCI or SSN from both the transcript and audio of a file is significant: when this information is scrubbed from a business server, its database then becomes queryable.

The Role of PCI at IVR Technology Group: A PCI DSS Level 1 Certification is the highest level of certification for securing online electronic transactions. IVR Technology Group allows you to detect and/or redact PCI data in your recordings, transcripts, and analytics. IVR Technology Group offers two specific features to handle PCI data; PCI detection and PCI redaction.

Learn More About Our Security, Tokenization, or Redaction

We’re happy to answer any questions about our relentless attention to security, the process of cardholder data tokenization, or how we can help you redact sensitive payment information.

So fill out the form here to get in touch with our friendly team, and start thinking about how relieved you’re going to be.

Recent Articles From Our Blog

Here at IVR Tech, everyone blogs! Below are some of our most recent insights on goings on, industry trends, and other topics related to security.