enterprisesecuritymag

comforte AG: Facilitating Payment Security through Tokenization

Michael Deissner, CEO
From varied compliance laws to payment security regulations, banks and payment processors face numerous obstacles in safeguarding sensitive customer data. Especially today, when financial organizations are increasingly associating with each other to facilitate monetary transactions, customer data is at a higher risk. Although these organizations have firewalls, network security, and endpoint protection in place to protect data, they can’t completely rely on them. The payment ecosystem today requires advanced security mechanisms to protect data against threats, an area where Germany-based comforte AG has been making great strides. Established in 1998, comforte AG provides financial organizations with payment and data-centric security solutions.

The company’s capabilities, however, go beyond that, as it also helps organizations comply with data security regulations such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). “Compliance stands out as the principal cause for organizations to ensure data security, and we make sure that our clients are not only secured of data breaches but also from any deviation from data privacy standards and regulations,” says Michael Deissner, CEO at comforte AG.

comforte AG provides an advanced data security solution which primarily focuses on reducing the time and resources required for integrating data security with payment processing applications. “We follow a unique strategy to integrate our solution seamlessly into our client’s payment system. We call it snap-in protection where we insert our solution into the flow of data and intercept it to protect data on the fly,” explains the CEO. The company utilizes tokenization, which transforms sensitive data, be it a primary account number or personal data, into unique substitute values known as tokens. These tokens are then used for processing or analytics while all sensitive information is protected.

One specific example of using protected data is secure fraud analysis.

comforte AG’s data security approach allows banks and payment processors to retain referential integrity between the token and the credit or debit card number in a data set. This enables banks to perform fraud analytics on their protected data without any risk to sensitive data from internal or external threats.

Additionally, the company’s open banking solution assists multiple financial organizations in adhering to the regulations of the Payment Services Directive (PSD2). PSD2 requires banks to allow third-party API access to the account information of their customers so that users have the freedom to choose which payment API they prefer. With comforte AG’s help, financial organizations can ensure that the required account access and payment APIs can easily be implemented in their existing infrastructure.

comforte AG’s distinctive approach to payment security significantly helped a Croatia-based payment processing company, Mercury Processing Services International (MPSI), to comply with the data protection requirements of PCI DSS and GDPR. “MPSI had set extremely high goals in terms of securing its data, and we helped them by implementing our data-centric security solution within a few months to ensure their compliance with PCI DSS and GDPR,” explains Deissner. comforte AG integrated its security solution into MPSI’s payment application and now seamlessly protects sensitive data while it is processed as directed by the regulatory standards.

For about 18 years now, comforte AG has focused on HPE NonStop systems, a combination of hardware and software only used in the most mission-critical scenarios, but the company’s vision for next year is to grow its market outside of HPE NonStop. comforte AG is also preparing itself for tremendous growth in its financial investment and plans to provide tokenization as a service to its clients. This will enable banks to directly leverage the data security solution as a service rather than installing it in their payment application infrastructure.