Home
Products
Solutions
CustomersPricingDocs
Resources
Log inTalk to an Expert
Back
  • September 12, 2023
  • 4 min read

Product Update September '23

Categories

ProductCompany

Check out what’s new this month at Evervault — New Feature: Card Reveal, revamped solutions pages, and enhancements to Cages.

End-to-end PCI Compliance

We’ve revamped our PCI Compliance solution to incorporate our newest product features and extended compliance service. Using Evervault to accelerate PCI compliance allows you to collect and reveal cardholder data without worrying about the regulatory and compliance headaches typically associated.

We follow a few simple steps to speed up time-to-compliance:

  1. Initial consultation — We’ll work with you to understand your architecture and provide recommendations on how to integrate Evervault to reduce your compliance scope as much as possible.
  2. Technical integration — You’ll integrate Evervault based on one of our architecture templates, and we’ll validate your integration to ensure it’s fully compliant.
  3. Auditor introduction — We’ll give you an audit-ready PCI DSS policies and procedures bundle, as well as our PCI DSS Attestation of Compliance (AoC). We’ll also introduce you to an auditor who’s familiar with Evervault’s architecture.

Learn more about our PCI Compliance solution, or simply respond to this email to book a consultation with our team.

Card Reveal

We’re excited to reveal our latest feature: Reveal!

Reveal allows you to display plaintext cardholder data to your end users without increasing your PCI Compliance scope. Evervault-encrypted cardholder data can be passed to Reveal, which is a secure iframe element hosted by Evervault. The resulting workflow means the plaintext cardholder data never touches your infrastructure, which minimizes your PCI compliance scope.

Reveal is fully customizable and can be updated to match your design system with a simple CSS configuration.

To get started, check out the Evervault Reveal docs.

PII Encryption

We revamped our PII Encryption solution to better capture the full capabilities of our product. To keep sensitive customer data secure, you can easily encrypt customer PII anywhere in your stack and keep it secured everywhere. Use Evervault to:

  • Collect, process and share customer PII or ePHI — encrypted at-rest, in-transit and in-use
  • Restrict PII access to specific people, software, or third-party services
  • Easily comply with privacy regulations and improve overall security posture

Learn more about PII Encryption. Maybe there's an easter egg on the page; who knows.

Cages Updates

Trusted Certs
Cages are now issued publicly trusted TLS certs on startup. When your Cage is first deployed, it generates a key pair in the enclave and uses it to create a cert signed by a public CA. This allows you to call your Cage directly from end-user devices (browsers, mobile clients, etc.) without trusting the Cage’s self-signed cert.

The publicly trusted Cage cert will be used for requests to *.cage.evervault.com (note: cage, not cages). The publicly trusted Cage certs are not currently attestable from Evervault Clients (this will be released in the coming weeks).

Trusted headers
Up until now, Cage transaction logs have obfuscated any non-standard, or sensitive HTTP headers. The new trusted_headers option for Cages lets you specify your own allow list of headers to keep in plaintext in your transaction logs. This gives better observability into your Cage responses. For example, you can configure your Cage to expose response error codes and tracing data in your transaction logs:

1trusted_headers = ["X-Error-Code", "X-Trace-*"]

You can read more about configuring your Cage’s trusted headers in the docs.

Featured Content:

Threat modelling involves understanding the intricacies of your system, identifying vulnerabilities, prioritizing potential threats, and devising proactive mitigation plans. By incorporating threat modelling at the inception of a project, companies can adopt a secure-by-design approach rather than reacting to incidents post-breach.

Check out our content series breaking down potential threat vectors and the methodology behind mitigating them.

The Evervault Team

Related Posts

  • 28 May 2025

Introducing Evervault Page Protection: Securing payment pages from JavaScript attacks

Secure your payment pages against script and security header attacks while complying with PCI DSS 4.0 requirements, 6.4.3, and 11.6.1.

ByShane Curran
  • 23 October 2024

Multi-Payment Processors and Evervault

Multi-payment processor systems integrate multiple payment providers to handle transactions. Use Multi-psp to boost coverage to local populations and minimizes net transaction fees.

ByMathew Pregasen