PRIVACY, SECURITY AND THE VOLLY SERVICE

Transcription

1 PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by

2 EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers transaction statements, marketing promotions, catalogs and other rich media digitally from businesses to consumers based on the consumer s physical street address. Pitney Bowes brings years of experience at the convergence of physical and digital communications to the Volly service. Based on Pitney Bowes innovations, the Volly service creates a new consumer experience, allowing your customers to help manage their lifestyles with greater convenience and control. This new communications channel benefits mailers by providing a low-cost yet trusted and secure electronic distribution platform, with minimal expense in switching from existing mailing processes. The benefit to consumers is the ability to aggregate mail digitally from multiple providers, to enjoy secure remote access from a single log-in, and to choose from a wealth of options for sorting, prioritizing, processing, paying, archiving, retrieving, discarding and reporting on all their mail-based activities across numerous electronic platforms (e.g., iphone, ipad, or browser). The Volly service also handles user-uploaded documents for secure storage and record keeping. Additionally, it offers consumers opt-in control over how they will be marketed and communicated to, and in what format. Security and data privacy for consumers and mailers throughout the Volly platform are fundamental to its success. The Volly service provides a secure and trusted platform with data security, data privacy and a seal of trust that builds on 90 years of Pitney Bowes expertise. 1

3 SECURITY FEATURES The Volly secure digital delivery service: Leverages Pitney Bowes core competency around security with public/private key infrastructure (PKI) Supports document and data privacy and encryption with RSA 2048 bits PKI and AES 256 bits Pairs the right mail with the right mailbox using superior Pitney Bowes address quality technologies Relies on consumer opt-in-based delivery preferences Uses a public cloud-based infrastructure by turning it into a virtualized closed, private network Protects all privacy data with strong encryption Provides multi-tenant mailer support in the Volly platform to ensure that mailers data is isolated logically at different levels Implements role-based access and Federated Access Control using industry standards (SAML 2.0) KEY SECURITY CHARACTERISTICS Encryption of all personally identifiable information (PII) Strong one-way encryption of log-in credentials Automatic account log-out after a period of inactivity Security image to prevent phishing attacks Additional security questions System-generated alerts and notifications for increased security Secure data storage in a separate database protected with hardware and software encryption techniques Protection of every customer statement and bill using a unique key protected by a hardware security module Automatic backup of database servers for added dataprotection User control over who can deliver mail to the account Adopts a PCI compliant payment system Deploys cloud-based security standards around the infrastructure, network, application and data security Provides multilevel authentication for consumers with passwords, random security questions, site keys and secret phrases Centralizes mailer-level authentication with role-based access to mailer users HOW IT WORKS: A CLOSED, SECURE, END-TO-END SYSTEM 2

4 Public access: Basic requirements Any secure public website has three main requirements: Security Data privacy Trust The Volly secure digital delivery service fulfills these requirements by being PCI compliant for payments, and by having trust seals from TRUSTe (pending) and Verisign (pending). Core mailer security requirements There are three core mailer security requirements for digital statement delivery: Protecting confidentiality/privacy/integrity of customer data Protecting sensitive data around customers businesses Compliance with industry standards The Volly service resolves these concerns as well, through the features and standards outlined below. PLATFORM SECURITY Cloud security The Volly service is built on an integrated solution using a hybrid of both a public and a private cloud structure. Private cloud. The private cloud is a PCI compliant and SAS 70 Certified environment that ensures that all data is secure. Application data is stored only in the private cloud; no application data is ever stored in the public cloud. The data store installed in the private cloud further masks or encrypts any fields related to PCI or HIPAA compliance. Public cloud. Effectively, the public cloud is being used as a virtual private cloud with no external interface being exposed to the outside world. To safeguard the Volly service from intrusion from within the public cloud, the internal network interfaces of the machine instances in the public cloud are also secured for pointto-point access only. This helps ensure that no intruder from within the cloud can access any Volly public cloud instance. While the data is being transferred to the public cloud it cannot be accessed because of the closed point-to-point network. Moreover, all the privacy/security fields are encrypted/masked for enhanced security. The cloud orchestration framework, responsible for managing and auto-scaling the cloud infrastructure, is itself deployed in a secure private cloud with all system configurations being stored in a secure LDAP store. Network security The private cloud is a closed network, as previously mentioned, and all public access by consumers happens through the private cloud. Strong firewall support in the private cloud helps ensure a secure and safe environment. The public cloud itself is secured and closed using strong iptables based firewall strategies. The public cloud is never exposed, and all the calls from and to the public cloud go through the secure private cloud. Thus, the combined implementation of iptables, secure system configuration, effective closed-load balancing and secure proxy being used for IP and port control caters to all the security aspects required for network security. Data security All PCI or HIPAA compliant data fields are encrypted/ masked in the data store, file system and messaging queues, as well as during data transfer across the network. 3

5 Services security The Volly secure digital delivery service was developed with a services-oriented architecture. All consumer services are developed using REST and all mailer services are developed using SOAP/ WSDL. All the services use token-based authentication and authorization mechanisms to make sure that only valid, authenticated systems/processes can communicate with the Volly platform. Application security The application access is highly secure, using a Secure Sockets Layer (SSL) Certificate based public access. The public interface uses trust seals providing the user with the level of trust meant for a payment site as well as ensuring that privacy is completely covered. MAILER SECURITY Address quality The Volly core value proposition is based on physical address delivery. The Volly service uses certified addresses to verify address accuracy during customer on-boarding. Volly capabilities automatically pair the street address of the bill or statement with the digital mailbox address during the production run. The Volly service keeps track of address changes and moves for consumers and handles the delivery of mail to the current address. This ensures that mail will not be delivered to the wrong address when a consumer moves, protecting privacy and also reducing mailer liability. The Volly service also geocodes each address for further verification. Digital document delivery The Volly platform ensures that only the owner of the document has access to the document. The document itself is encrypted and stored by an AES 256-bit security mechanism, where the signing key is itself encrypted using public/private key infrastructure. The public/private keys are stored in a hardware security module. This module is typically used for very highsecurity applications. The document encryption happens at the document production site, so effectively the document is encrypted at the source and is opened only at the destination. This also signifies that the document s rest state throughout the Volly engagement is both encrypted and secured. The Volly document retrieval process passes through an application-level check to authorize the user, for which the user s credentials are provided and validated against the secure SSO framework. DOCUMENT ENCRYPTION AND KEY STORE 4

6 Secure mailer gateway The Secure Mailer Gateway (SMG) is installed at the service provider site and connects to the Volly service using a secure VPN. This ensures that all data being transferred from the mailer to the Volly service is secure and encrypted in the transfer mode. The decision for electronic/physical split is handled at the mailer site based on delivery preference lookup using the mailing address data extracted from statements during the production run. The Secure Mailer Gateway also ensures that all electronic documents are individually encrypted at the mailer site prior to transmission. Payments Volly offers PCI compliant payment capability for billing statements using ACH (Automated Clearing House) and credit cards. All the payment account data is encrypted and stored in a private database. In order to facilitate payments, the payment-centric details are extracted from statements during the production run. Web seals The Volly service uses TRUSTe privacy seals (pending) and Verisign SSL Certificates (pending) to signal that all consumers can confidently use the system, since these are the most recognized and trusted security brands on the Internet. Access control The Volly service uses a role-based access protocol whereby every user including consumers and mailers is assigned a role that decides the operation/functionality a user can access. The role-based access protocol is built using an authorization component of Single Sign On (SSO) and uses secure LDAP as the underlying data store. All access points including service endpoints and user interfaces are controlled by this role-based access system. Every change made to this access control system is logged for security audits. CONSUMER SECURITY Document security A very strong 2048-bit RSA public/private keys document encryption/decryption mechanism ensures that the document is sealed at the mailer end and can be opened only by the owner of the document. This replicates virtually the physical experience of opening mail privately. The document is never stored un-encrypted in the Volly system. All the encryption keys are stored in the security appliance and all the communication between the security appliance and the public cloud will use Secure Sockets Layer (SSL). 5

7 CONSUMER ON-BOARDING Volly access to all consumers, whether Web-based or through mobile devices, is via industry standard HTTPS (HTTP over 128-bit SSL) encryption. All consumers are on-boarded using a secure registration form, with authentication and authorization handled using SSO. The SSO internally uses a very secure LDAP-based data store that maintains password encryption. The Volly service uses a strong CAPTCHA mechanism to protect against automated attacks. Address verification, verification and identity verification help to ensure that all consumers are validated and that they are the actual residents at the designated street address before they become operational users. This means that the mailer does not have to manage identity. Site keys and security questions further provide a secure way of validating and managing users. All consumer access to the Volly service is logged and audited for possible resolution of security issues. The unique address sanitization process helps ensure that mailers can use the Volly service with high confidence. GLOSSARY ACH AES CAPTCHA HIPAA LDAP Mailer PCI DSS PII PKI REST SAML 2.0 Service Provider SMG SOAP/WSDL SSL Automated Clearing House Advanced Encryption Standard User text entry security verification Health Insurance Portability and Accountability Act Lightweight Directory Access Protocol Owns the mail Payment Card Industry Data Security Standard Personally Identifiable Information Public Key Infrastructure Representational State Transfer Security Assertion Markup Language 2.0 Processes the mail Secure Mailer Gateway Simple Object Access Protocol/Web Services Description Language Secure Sockets Layer SSO Single Sign On VPN Virtual Private Network LEARN MORE AT vollysales@pb.com by Volly, Pitney Bowes, the corporate logo are trademarks of Pitney Bowes Inc. All other trademarks are the property of the respective owners. All other trademarks Pitney Bowes Software Inc. All rights reserved. An Equal Opportunity Employer.