Product Update January '24

Happy new year from the team! This month we’ve launched game-changing data security features that make it even easier to keep your sensitive customer data secure.

Introducing Confidential Computing, powered by Enclaves

We’ve launched our Confidential Computing Solution, alongside the general availability release of our Enclaves Primitive.

Enclaves, previously in beta as ‘Evervault Cages’, are highly constrained compute environments that allow you to run sensitive workloads securely. Think of it like a burglar breaking into your house, only to find every valuable thing you own locked in an indestructible vault buried deep, deep underground.

We’ve abstracted away the complicated bits from legacy confidential computing technologies, then added ease-of-use layer and stronger data protection, meaning that when you process sensitive data with Evervault, you can dramatically improve your security posture in minutes, not months.

Read more about our launch here.

Flexible and customizable UI Components

UI Components is the next evolution of our Inputs product, allowing you to compliantly collect or display customer credit card data. They are customizable components for any payments workflow, served within an iframe directly from Evervault’s PCI-compliant infrastructure.

This Primitive has been rebuilt from the ground up with a new styling API that allows you to have complete control over the appearance of the components. This release also includes a new component for collecting PIN numbers.

Take a look at the video overview, or read the UI Components documentation to get started!

Inspect API

We’ve introduced a new API that can be used to obtain metadata about an encrypted value. Simply pass an Evervault encrypted value and get details like the encryption time, data type, data role, a unique fingerprint or domain-specific metadata, all without the need to access the actual plaintext value.

Specifically for encrypted card numbers, this endpoint provides useful card metadata, including the bin, the last four digits, funding type, segment, currency, country of issuance, and the card issuer.

The fingerprint provided by the API endpoint can also be used as a unique identifier for the plaintext value.

Learn more about the new Inspect operation in our API docs.

Upgrading to PCI DSS v4?

Are you (or is someone on your team) aware that PCI DSS v4 will be the mandatory standard for PCI audits starting March 31st, 2024? If not, now’s the time to make sure your product is on top of the required updates.

Our in house compliance guru, wrote about the upcoming PCI DSS standard changes starting March 31st, 2024. If your team hasn't navigated this transition yet, now is the time to do so.

Take a look at our article, it digs into:

• How to most effectively approach the upcoming regulatory changes at your company
• Why now is the right time to evaluate your payments security setup
• How to balance decreasing your PCI compliance costs, while improving the overall effectiveness of your security posture
• Why descoping your cardholder data environment (CDE) is actually a good thing

Let us know if you have any questions, we’re always happy to evaluate your payment security setup and see if there's room for improvement.