In Layman’s Terms: (Visa) Format-Preserving Encryption

One of my clients asked me about Visa Format-Preserving Encryption and whether I could look into this. I am sharing a summary here.

FPE is …

Format-Preserving Encryption (FPE) is about encrypting so-called structured data, such as credit card or Social Security numbers.

With FPE you can encrypt data in such a way that it does not alter the data format.

Your data may be credit card numbers, account numbers, social insurance numbers, addresses or postal codes. FPE will encrypt the data, and the outcome will still look like a credit card number, account number, social insurance number, address or postal code.

That’s it.

With this you can encrypt data per field without having to make big modifications to your existing application.

Then we come to the real goal.
We can have better data privacy and security. We can agree and adhere to certain industry standards for data privacy and security, such as PCI DSS in the Payment Card industry.

And the Visa?

Visa has invented and patented an algorithm to realize FPE and uses it in its card handling. It is called Visa Format-Preserving Encryption.

Why do we need this format preservation?

Sensitive data must be encrypted so that malicious people cannot read that data. In financial transactions this is of course very important.

A problem is that with encryption the format of a field could change. Traditional encryption algorithms take data as a byte stream, and turn it into another byte stream.

If you have a string of text, such as a name, the encrypted field may become larger than the original field, or it may contain numbers or funny characters. Or if you have an account number, after encryption there may be non-digit characters in the result. Or there may be more digits in the result than in the account number.

This change of format of fields can cause several issues in applications.

Column sizes in databases may be too small to contain encryption results.
Fields in programs may become too small.
Test data for applications can become problematic.
It can become impossible to implement if these fields are used as keys in relational databases.
Your analytics may become problematic.

To prevent all these issues, Format-Preserving Encryption was invented. With it we can encrypt fields, but process these fields in the programs as if they were not encrypted. The program is not aware of the encryption.
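To make the difference concrete, here is an added example (my own sketch, not Visa's patented algorithm and not the NIST FF1 standard): a simplified Feistel construction over decimal digits, next to a stand-in for a conventional byte-stream cipher. The key, the sample number and all function names are constructed for illustration.

```python
import base64, hashlib, hmac

ROUNDS = 10  # even, so the two halves end up back in their original positions

def _f(key: bytes, rnd: int, half: str, n: int) -> int:
    """Keyed round function: HMAC-SHA256 over round number, field length and the other half."""
    msg = f"{rnd}|{n}|{half}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def _split(digits: str):
    if not (digits.isascii() and digits.isdigit() and len(digits) >= 2):
        raise ValueError("input must be at least two ASCII digits")
    u = len(digits) // 2
    return digits[:u], digits[u:], u, len(digits) - u

def fpe_encrypt(key: bytes, digits: str) -> str:
    a, b, u, v = _split(digits)
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v               # width of the half being replaced
        c = (int(a) + _f(key, i, b, u + v)) % 10**m
        a, b = b, str(c).zfill(m)                # zfill keeps leading zeros
    return a + b

def fpe_decrypt(key: bytes, digits: str) -> str:
    a, b, u, v = _split(digits)
    for i in reversed(range(ROUNDS)):            # undo the rounds in reverse order
        m = u if i % 2 == 0 else v
        c = (int(b) - _f(key, i, a, u + v)) % 10**m
        a, b = str(c).zfill(m), a
    return a + b

def bytestream_encrypt(key: bytes, text: str) -> str:
    """Stand-in for a conventional cipher: XOR with a keyed stream, Base64 for storage."""
    data = text.encode()
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    if len(data) > len(stream):
        raise ValueError("demo keystream covers at most 32 bytes")
    return base64.b64encode(bytes(x ^ y for x, y in zip(data, stream))).decode()

if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample key
    number = "4111111111111111"          # constructed 16-digit sample value
    token = fpe_encrypt(key, number)
    print("byte-stream result:", bytestream_encrypt(key, number))  # 24 chars, not digits
    print("FPE result:        ", token)                            # 16 digits
    print("decrypted:         ", fpe_decrypt(key, token))
```

The FPE result still fits a 16-digit column, while the byte-stream result does not. Real deployments use a vetted FPE mode and key management rather than a sketch like this.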

Clearly I am leaving out details. Fill me in where you feel necessary, I’d appreciate it.