enterprisesecuritymag

Auric Systems International: Securing Payments through Real-Time Data Tokenization

CIO VendorRaymond Côté, President & Co-founder
Using tokenization to protect sensitive payment and other private data is not a new idea. Tokenization, which provides a crucial separation-of-data component, remains one of the most reliable ways to protect sensitive data. Auric Systems International (ASI), an early promoter of tokenization, rolled out their first tokenization service in 2007. “Our flagship product, the AuricVault® service is a PCI-compliant general-purpose tokenization service that can store up to 2,000 characters of tokenized data,” says Raymond Côté, president, and co-founder of ASI.

The AuricVault service allows clients to inject tokenization into existing data flows without undue disruption of existing business processes. Data can be tokenized and de-tokenized via both a real-time web API and secure batch processes. Various business enterprises have seen the importance of investing in the AuricVault service; with many clients each storing more than 13,000,000 tokens.

In addition to its tokenization storage, the AuricVault service standardizes tokenization of payment information to multiple payment processors. This provides clients with a standardized front-end API for capturing credit card information, which can then be passed to one or more payment processors to generate a processor-specific payment token. This capability is reforming the way businesses—including hospitality organizations, marketing fulfillment agencies, e-commerce, and telemarketing firms—implement e-commerce. In addition to real-time tokenization, the service supports batch-processing features for tokenizing and de-tokenizing large batches of files— hundreds of thousands of records—as well as securely transferring data to and from clients.

The AuricVault service’s standard JSON-RPC web interface protocol helps get new clients up and running within an hour. The service offers multi-tiered access controls that allow companies to efficiently control how they share data within the enterprise, with clients, and with business partners.

The AuricVault® service is a PCI-compliant general-purpose tokenization service that can store up to 2,000 characters of tokenized data


ASI’s flexible APIs support server-to-vault and browser-to-vault tokenization and help clients develop and integrate custom-embedded solutions hosted in a PCI-compliant environment. These customizable APIs can be incorporated into a customer’s legacy systems and fine-tuned to fit their specific needs.

According to Côté, “We also build client-specific data handling services around our core tokenization.” One such service is ASI’s tokenizing web proxy which emulates a company’s web service API, examines the received transmission, replaces specific data elements with a token, and then forwards the tokenized request to the company’s existing service. These proxies also work in reverse; intercepting outbound web service calls and replacing tokens with the original data. This helps organizations incorporate tokenization with minimal changes to their existing systems.

For example, a telemarketing company with operators making outbound sales calls for a periodical service was forwarding the collected orders and credit cards to the client every day. The company wanted to avoid a possible exploitation of the credit card numbers; to achieve that, they incorporated the AuricVault service to move sensitive cardholder data across their environments transparently. The company worked with ASI to implement tokenization within their existing web-based sales application and a back-end process to accept batches of tokenized order request files, replace the tokens with cardholder account numbers, encrypt the data, and securely deliver it to their clients.

A new web proxy tokenization service aimed at the online travel booking industry and a white-label version that provides a dedicated deployment for enterprises managing very high volumes of business, or with specific legal restrictions regarding data storage, are part of ASI’s future investments to steer the payment industry and the company ahead.