AES TRUESecure 2.2
TRUESecure 2.2 ensures that NPI customer data is encrypted in motion in accordance with PCI compliance using an AES proprietary encryption algorithm. NPI customer data is encrypted at rest in accordance with PCI compliance, also using an AES proprietary algorithm. Files in motion are transferred using PGP encryption using public key exchange and private key validation. TRUESecure 2.2 manages a multi-layer security infrastructure, including file integrity monitoring, web application firewall, perimeter firewall, internal firewalls, log management, intrusion detection system, intrusion prevention system, event alerts/alarm systems, and two-factor authentication.
TRUESecure 2.2 supports a multi-tier architecture with multiple security zones, whereby each zone is protected by a firewall and has its own security requirements. The architecture allows limited exposure to public Internet.
Most importantly, TRUESecure 2.2 Data Exchange secures all batch connection methods via PGP encryption; SFTP with SSH, exchange Public Key and validate with Private Key:
- Over public Internet through custom port.
- Over encrypted VPN.
- Over dedicated direct connection.
Real Time Connection Methods include:
— Over the public Internet.
— Over encrypted VPN.
— Over encrypted dedicated direct connection (T1, Frame Relay).
- IBM WebSphere MQ encrypted with SSL.
— Over encrypted VPN
— Over dedicated direct connection.
- XML profile pulls over VPN.
- ISO 27001 Candidate.
Reasons why TRUESecure 2.2 deserves an Innovation Solution Award:
1. TRUESecure 2.2 is a key component of the TRUE System, the unequivocal superior Agent Emulation technology for banks, maximizing compliance, recoveries, employee efficiency, and sales.
2. The TRUE system is a patented technology with 35 domestic and international patents issued and pending.
3. TRUESecure 2.2 is the next generation fraud prevention system for financial self-service applications.
4. Since its implementation, paired with its sister system TRUECollect 2.2, TRUESecure 2.2 has consistently thwarted intrusion attempts and fraudulent usage.