Fireblaze Vault is a tokenization service, aims to be an open platform designed to protect your sensitive data and inherit best-in-class security posture in order to fast-track certifications like PCI DSS, SOC2, HIPAA and others.
Fireblaze Vault helps with tokenization and secure storage of sensitive data, and digital assets like PII, Credit Cards, Passports/IDs, Credentials, and more.
- vaulting of payment card data (avoid liability and being locked-in to a payment provider)
- analytics on card scheme, brand, type, currency, banks
- risk assessment based on geolocation, ip address, black lists
- 1-click payment solution, driving impulsive sales up by 55%, removing the barrier of card details re-entry
- automated AML checks on passports/IDs
- GDPR compliant personal identifiable information (PII) storage
curl -X POST \
http://localhost:3000/v1/card \
-H 'Content-Type: application/json' \
-d '{
"holder": "leonardo", # Cardholder name
"number": "4415281263901560", # Payment card number
"exp_month": 1, # Expiry month
"exp_year": 2022, # Expiry year
"cvc": 123, # MC(Card Verification Code), VISA(Card Verification Value)
"auto_delete": "THREE_MONTHS" # Delete this data in 3 months
}'{
"auto_delete_on": "2020-06-27T07:08:31.500606Z",
"expires_on": "2022-02-01T00:00:00.000000001Z",
"first_six": 466945,
"hash": "ZmJpZC0xNDQzNjM1MzE3MzMxNzc2MTQ4V06Nh[...]",
"last_four": 8424,
"metadata": {
"currency": "USD",
"issuer": {
"country": "United States of America",
"country_code": "US",
"latitude": 38,
"longitude": -97,
"map": "https://www.google.com/maps/search/?api=1&query=38,-97"
},
"scheme": "visa"
},
"mpi": {
"acs": "https://secure5.arcot.com/acspage/cap?RID=35325&VAA=B",
"eci": 2,
"enrolled": true,
"par": "eNpdU8tymzAU3ecrvMumYz1AgD2yZnDsTpMZ[...]"
},
"request_ip": "127.0.0.1",
"risk": {
"score": 30
},
"token": "tok_e4912b25-b8ef-4cf8-bb0d-449bcaf58e08",
"user_agent": "grpc-go/1.25.1"
}
We use protobuf to serialize the data and gRPC to transport it, for compatibility we also support JSON serilization over HTTP transport via reverse-proxy, auto-generated thanks to grpc-gateway, which also generates the Swagger documentation, available at https://doc.fireblaze.io/card.
Sensitive data is encrypted at rest using AES-GCM and an HSM module to generate entropy for the encryption keys which must be FIPS 140-2 Level 3 certified to meet compliance. Check the kms service for the GCP CloudKMS implementation. Feel free to extend the interface with other implementations e.g. AWS CloudHSM
We like to think of data in graphs, leveraging ent as our entity framework, which supports PostgreSQL, MySQL, SQLite, Gremlin.
The infrastructure is designed around Kubernetes with the goal of passing PCI-DSS Level 1 compliance.
The pipelines run on our self-hosted Gitlab, feel free to request access, you can sign-in with your Github account.
Fireblaze Vault is currently in MVP status, we're proud to solve this challenge and excited to share it with the community.
- compliant tokenization of digital assets
- payment card validation w/ regex & luhn check
- payment card metadata retrieval
- payment card risk probability