Skip to content
Products
By Type
By Industry
Applications
A suite of applications built on InterSystems IRIS data platform and optimized to address industry specific challenges.
A FHIR®-enabled care management software solution that allows the entire care team to create and share comprehensive care plans.
A cloud-based, on-demand service delivering near real-time, secure access to patient data from across the nation.
Analytics solution that provides real-time care insights and in-depth analysis for clinical, business, and population health management.
A next-generation enterprise master person index – an automated, easily integrated solution for identity resolution.
A reimagined EHR with built-in GenAI that empowers clinicians, enhances patient experiences, and elevates business operations.
Helps clinicians, care managers, and care teams strengthen coordination, enhance continuity of care, and improve patient engagement in under-served rural areas.
Enables health systems, independent providers, health plans, HIEs, governments and software developers to create a digital front door.
Collects, consolidates, and publishes information about healthcare providers' relationships to patients, health plans, and one another.
A powerful, flexible electronic health record (EHR) that supports all leading health information interoperability standards and profiles.
Enterprise solution supports any clinical lab service, public or private, independent to extensive national laboratory systems.
Low Code Platforms
A suite of low code platforms built on InterSystems IRIS and optimized to address industry-specific challenges.
An aggregated, normalized and deduplicated patient record created from patient data across multiple sources.
A high-availability, high-performance integration engine created specifically for healthcare.
A cloud-based data pipeline and management solution combining FHIR with an out-of-the-box transformation to the CDM and OMOP repository.
One integration that standardizes data exchange between Epic Payer Platform and your clinical and administrative applications.
Interoperability solutions designed to help U.S. health insurers address CMS-0057 and CMS-9115.
Platforms & Components
Versatile foundation supporting a range of solutions, with built-in APIs for integration.
Rapidly access & use FHIR data from diverse sources without the need to create your own FHIR computing infrastructure.
A high-performance data platform designed to make it easy to build applications that support mission-critical processes.
Fully managed cloud-native SaaS offerings that provide customers the fastest time to value for InterSystems data management software.
A digital health data platform that provides the building blocks needed to work with any healthcare data standard, including FHIR.
An AI-enabled supply chain decision intelligence platform that predicts disruptions before they occur, and optimally handles when they do.
Healthcare
InterSystems HL7 FHIR-based technology and solutions power success for organizations across the entire healthcare ecosystem.
A cloud-based, on-demand service delivering near real-time, secure access to patient data from across the nation.
A suite of solutions that work together to capture information, share it in a meaningful way, aid understanding, and drive transformative action.
Analytics solution that provides real-time care insights and in-depth analysis for clinical, business, and population health management.
Rapidly access & use FHIR data from diverse sources without the need to create your own FHIR computing infrastructure.
A high-availability, high-performance integration engine created specifically for healthcare.
A reimagined EHR with built-in GenAI that empowers clinicians, enhances patient experiences, and elevates business operations.
A digital health data platform that provides the building blocks needed to work with any healthcare data standard, including FHIR.
A cloud-based data pipeline and management solution combining FHIR with an out-of-the-box transformation to the CDM and OMOP repository.
One integration that standardizes data exchange between Epic Payer Platform and your clinical and administrative applications.
Interoperability solutions designed to help U.S. health insurers address CMS-0057 and CMS-9115.
Helps clinicians, care managers, and care teams strengthen coordination, enhance continuity of care, and improve patient engagement in under-served rural areas.
A powerful, flexible electronic health record (EHR) that supports all leading health information interoperability standards and profiles.
Enterprise solution supports any clinical lab service, public or private, independent to extensive national laboratory systems.
Financial Services
Enabling firms to transform at scale, so they can increase customer satisfaction, adopt generative AI, maintain compliance, grow revenue, and optimize efficiency.
A high-performance data platform designed to make it easy to build applications that support mission-critical processes.
The fastest way for financial services firms to break down silos and transform disparate data into a single unified resource of actionable information.
Launch new funds, accelerate AI initiatives, automate reporting with a self-service solution tailor-made for asset management firms.
Supply Chain
Empowering organizations with real-time supply chain visibility and the ability to make optimized, real-time, AI-driven decisions.
An AI-enabled supply chain decision intelligence platform that predicts disruptions before they occur, and optimally handles when they do.
A data gateway that speeds and simplifies data access for supply chain applications and practitioners.
Knowledge Hub
Developer Websites
New to InterSystems? Start here, this is your gateway to developer sites, tutorials and more.
Connect, grow, share. The developer community is full of resources, news, and events and a community of people to connect with.
Everything you need to know about our products and more.
Develop. Learn. Share. Network. All with InterSystems Global Masters program where you can join an engaged community of developers.
Experience first hand the community’s dedication to the evolution of our technology with applications.
Education
Get to know InterSystems products and technologies your way, with self-paced online materials and classroom courses.
Online learning presents self-paced materials to help you build and support your organization's most critical applications.
In-person courses maximize learning in a distraction-free environment with face-to-face engagement.
InterSystems proudly supports the free use of InterSystems products for university and college coursework.
View the full list of course offerings and our current course schedule.
Certification
Offers industry-standard exams, flexible testing options, certification badges, and career advancement opportunities demonstrating expertise in InterSystems technologies.
InterSystems Learning Services offers industry-standard certification exams that allow you to prove your mastery of our technology.
Digital credentials that represent the varying levels of achievement you can earn with InterSystems.
Everything you need to know about preparing for, scheduling, and taking InterSystems Exams.
Retake Policies & Support, Beta Exams and more.
Answers to common questions regarding exams, including exam preparation, practice exams, retaking exams, and certifications.
InterSystems Blogs
Explore InterSystems blogs featuring expert insights, industry trends, technology innovations, data management strategies, and thought leadership.
Healthcare industry experts talk about pressing challenges, issues, and trends at the intersection of healthcare and technology.
Addressing various business, data, and technology-related issues for the line of business.
Partners
Partner Programs
Our partners ensure that organizations around the globe are already ready for tomorrow’s opportunities.
Bring together people, processes and technology to deliver solutions that solve complex customer challenges.
Combine your expertise with our proven data, analytics and interoperability capabilities to deliver optimal solutions.
Specialists whose services and guidance ensure consistent, effective delivery of InterSystems technology.
Provide complementary tools and platforms that strengthen and expand our technologies' capabilities.
InterSystems powers data-driven digital startups across healthcare, financial services, and supply chain.
Cloud Partners
InterSystems works with the world's leading cloud providers to give customers the freedom to deploy our technology where it delivers the most value.
The speed, scale, and capabilities of InterSystems and AWS can streamline operations, improve access to data and power breakthrough applications.
InterSystems IRIS and InterSystems IRIS for Health Data Platforms are Preferred Solutions on Azure Marketplace.
InterSystems and Google Cloud empower you to quickly build new apps or modernize existing ones to increase agility and reap the benefits of the multicloud.
InterSystems works with the world’s leading cloud providers - including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, TenCent and Alibaba
Company
About Us
Our technologies provide the connective tissue that transforms disparate data into a single, complete view, enabling better outcomes.
News
News and resources for media including press releases, media kits, tools and more.
The latest news and coverage from our corporate headquarters in Boston, MA.
Core information about InterSystems, our background, our products and technologies, and more.
Please contact Corporate Affairs & Communications regarding media inquiries.
Events
Check out conferences and events we're hosting and attending, and view on-demand content for anything you missed.
Browse our upcoming conference and event schedule to see where we'll be and what we'll be covering.
View our library of on-demand content, including keynote speeches from InterSystems READY, webinars and live event footage.
Watch keynote presentations from InterSystems READY 2026.
Support
Product Support
We provide expert technical assistance to customers 24 hours a day, every day, with support advisors in 15 countries.
Read about support alerts, critical issues, fixes, and product releases.
Access current and previous versions and related notes for InterSystems products.
Contact the WRC for Immediate Help
Documentation
Detailed technical information for InterSystems products, technologies, solutions, and more.
Products
By Type
By Industry
Applications
A suite of applications built on InterSystems IRIS data platform and optimized to address industry specific challenges.
A FHIR®-enabled care management software solution that allows the entire care team to create and share comprehensive care plans.
A cloud-based, on-demand service delivering near real-time, secure access to patient data from across the nation.
Analytics solution that provides real-time care insights and in-depth analysis for clinical, business, and population health management.
A next-generation enterprise master person index – an automated, easily integrated solution for identity resolution.
A reimagined EHR with built-in GenAI that empowers clinicians, enhances patient experiences, and elevates business operations.
Helps clinicians, care managers, and care teams strengthen coordination, enhance continuity of care, and improve patient engagement in under-served rural areas.
Enables health systems, independent providers, health plans, HIEs, governments and software developers to create a digital front door.
Collects, consolidates, and publishes information about healthcare providers' relationships to patients, health plans, and one another.
A powerful, flexible electronic health record (EHR) that supports all leading health information interoperability standards and profiles.
Enterprise solution supports any clinical lab service, public or private, independent to extensive national laboratory systems.
Low Code Platforms
A suite of low code platforms built on InterSystems IRIS and optimized to address industry-specific challenges.
An aggregated, normalized and deduplicated patient record created from patient data across multiple sources.
A high-availability, high-performance integration engine created specifically for healthcare.
A cloud-based data pipeline and management solution combining FHIR with an out-of-the-box transformation to the CDM and OMOP repository.
One integration that standardizes data exchange between Epic Payer Platform and your clinical and administrative applications.
Interoperability solutions designed to help U.S. health insurers address CMS-0057 and CMS-9115.
Platforms & Components
Versatile foundation supporting a range of solutions, with built-in APIs for integration.
Rapidly access & use FHIR data from diverse sources without the need to create your own FHIR computing infrastructure.
A high-performance data platform designed to make it easy to build applications that support mission-critical processes.
Fully managed cloud-native SaaS offerings that provide customers the fastest time to value for InterSystems data management software.
A digital health data platform that provides the building blocks needed to work with any healthcare data standard, including FHIR.
An AI-enabled supply chain decision intelligence platform that predicts disruptions before they occur, and optimally handles when they do.
Healthcare
InterSystems HL7 FHIR-based technology and solutions power success for organizations across the entire healthcare ecosystem.
A cloud-based, on-demand service delivering near real-time, secure access to patient data from across the nation.
A suite of solutions that work together to capture information, share it in a meaningful way, aid understanding, and drive transformative action.
Analytics solution that provides real-time care insights and in-depth analysis for clinical, business, and population health management.
Rapidly access & use FHIR data from diverse sources without the need to create your own FHIR computing infrastructure.
A high-availability, high-performance integration engine created specifically for healthcare.
A reimagined EHR with built-in GenAI that empowers clinicians, enhances patient experiences, and elevates business operations.
A digital health data platform that provides the building blocks needed to work with any healthcare data standard, including FHIR.
A cloud-based data pipeline and management solution combining FHIR with an out-of-the-box transformation to the CDM and OMOP repository.
One integration that standardizes data exchange between Epic Payer Platform and your clinical and administrative applications.
Interoperability solutions designed to help U.S. health insurers address CMS-0057 and CMS-9115.
Helps clinicians, care managers, and care teams strengthen coordination, enhance continuity of care, and improve patient engagement in under-served rural areas.
A powerful, flexible electronic health record (EHR) that supports all leading health information interoperability standards and profiles.
Enterprise solution supports any clinical lab service, public or private, independent to extensive national laboratory systems.
Financial Services
Enabling firms to transform at scale, so they can increase customer satisfaction, adopt generative AI, maintain compliance, grow revenue, and optimize efficiency.
A high-performance data platform designed to make it easy to build applications that support mission-critical processes.
The fastest way for financial services firms to break down silos and transform disparate data into a single unified resource of actionable information.
Launch new funds, accelerate AI initiatives, automate reporting with a self-service solution tailor-made for asset management firms.
Supply Chain
Empowering organizations with real-time supply chain visibility and the ability to make optimized, real-time, AI-driven decisions.
An AI-enabled supply chain decision intelligence platform that predicts disruptions before they occur, and optimally handles when they do.
A data gateway that speeds and simplifies data access for supply chain applications and practitioners.
Knowledge Hub
Developer Websites
New to InterSystems? Start here, this is your gateway to developer sites, tutorials and more.
Connect, grow, share. The developer community is full of resources, news, and events and a community of people to connect with.
Everything you need to know about our products and more.
Develop. Learn. Share. Network. All with InterSystems Global Masters program where you can join an engaged community of developers.
Experience first hand the community’s dedication to the evolution of our technology with applications.
Education
Get to know InterSystems products and technologies your way, with self-paced online materials and classroom courses.
Online learning presents self-paced materials to help you build and support your organization's most critical applications.
In-person courses maximize learning in a distraction-free environment with face-to-face engagement.
InterSystems proudly supports the free use of InterSystems products for university and college coursework.
View the full list of course offerings and our current course schedule.
Certification
Offers industry-standard exams, flexible testing options, certification badges, and career advancement opportunities demonstrating expertise in InterSystems technologies.
InterSystems Learning Services offers industry-standard certification exams that allow you to prove your mastery of our technology.
Digital credentials that represent the varying levels of achievement you can earn with InterSystems.
Everything you need to know about preparing for, scheduling, and taking InterSystems Exams.
Retake Policies & Support, Beta Exams and more.
Answers to common questions regarding exams, including exam preparation, practice exams, retaking exams, and certifications.
InterSystems Blogs
Explore InterSystems blogs featuring expert insights, industry trends, technology innovations, data management strategies, and thought leadership.
Healthcare industry experts talk about pressing challenges, issues, and trends at the intersection of healthcare and technology.
Addressing various business, data, and technology-related issues for the line of business.
Partners
Partner Programs
Our partners ensure that organizations around the globe are already ready for tomorrow’s opportunities.
Bring together people, processes and technology to deliver solutions that solve complex customer challenges.
Combine your expertise with our proven data, analytics and interoperability capabilities to deliver optimal solutions.
Specialists whose services and guidance ensure consistent, effective delivery of InterSystems technology.
Provide complementary tools and platforms that strengthen and expand our technologies' capabilities.
InterSystems powers data-driven digital startups across healthcare, financial services, and supply chain.
Cloud Partners
InterSystems works with the world's leading cloud providers to give customers the freedom to deploy our technology where it delivers the most value.
The speed, scale, and capabilities of InterSystems and AWS can streamline operations, improve access to data and power breakthrough applications.
InterSystems IRIS and InterSystems IRIS for Health Data Platforms are Preferred Solutions on Azure Marketplace.
InterSystems and Google Cloud empower you to quickly build new apps or modernize existing ones to increase agility and reap the benefits of the multicloud.
InterSystems works with the world’s leading cloud providers - including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, TenCent and Alibaba
Company
About Us
Our technologies provide the connective tissue that transforms disparate data into a single, complete view, enabling better outcomes.
News
News and resources for media including press releases, media kits, tools and more.
The latest news and coverage from our corporate headquarters in Boston, MA.
Core information about InterSystems, our background, our products and technologies, and more.
Please contact Corporate Affairs & Communications regarding media inquiries.
Events
Check out conferences and events we're hosting and attending, and view on-demand content for anything you missed.
Browse our upcoming conference and event schedule to see where we'll be and what we'll be covering.
View our library of on-demand content, including keynote speeches from InterSystems READY, webinars and live event footage.
Watch keynote presentations from InterSystems READY 2026.
Support
Product Support
We provide expert technical assistance to customers 24 hours a day, every day, with support advisors in 15 countries.
Read about support alerts, critical issues, fixes, and product releases.
Access current and previous versions and related notes for InterSystems products.
Contact the WRC for Immediate Help
Documentation
Detailed technical information for InterSystems products, technologies, solutions, and more.
Search to learn about InterSystems products and solutions, career opportunities, and more.

Using InterSystems IRIS Data Platform for Securely Storing Credit Card Data

Introduction

An ever-increasing number of purchases and payments are being made by credit card. Although merchants and service providers that accept credit cards have an obligation to protect customers’ sensitive information, the software solutions they use may not support best practices for securing credit card information. To help combat this issue, a security standard for credit card information has been developed and is being widely adopted.

The Payment Card Industry (PCI) Data Security Standard (DSS) is set of guidelines for securely handling credit card information. Among its provisions are recommendations for storing customer information in a database. This document outlines how software vendors can take advantage of InterSystems IRIS Data Platform™ to comply with data storage guidelines within the PCI DSS.

Use Cases for Securing Credit Card Information

The best way to ensure the security of information within a database is not to persist (store) it at all. Enterprises that deal with credit card data must save some information, however, such as the cardholders’ names, Personal Account Numbers (PANs), expiration dates, and service codes. The PCI DSS recommends only persisting the minimum necessary amount of cardholder data. When cardholder data must be stored, the PCI DSS requires that (at a minimum) PANs be rendered unreadable in the database and in all journal logs.

Exactly how PANs are secured may differ according to the use case. In general, use cases fall into one of two categories: when a credit card is being used purely for verification, and when it is being used to pay for goods or services.

Using a Credit Card for Verification

When an application is designed to accept a credit card as a form of identification (for example, when someone uses their card to retrieve a record of their airline reservation) it is not necessary for a useable clear-text PAN to be stored at all. According to the PCI DSS, either hashing or truncation may be used to store a version of the PAN that is sufficient for verification purposes.

  • Hashing
    Information is transformed according to a complex algorithm and only the transformed, or hashed, version is stored. The hashing algorithm only works one way — it is impossible to uniquely determine the original information from the hashed version. For verification purposes, a hashed version of the PAN provided by the cardholder can be compared to the stored hash value.
  • Truncation
    Only a portion of the information is stored. For verification purposes, the PAN provided by the cardholder is truncated in the same way and compared to the stored value. In general, truncation provides weaker security than hashing.

Using a Credit Card for Payments

Applications that accept credit card payments must have access to a usable PAN in order to process a transaction. According to the PCI DSS, there are three acceptable ways of handling PAN information.

  • The PAN is not persisted (stored on disk) at all
    This scenario might occur, for instance, when someone makes a credit card purchase from an online vendor and checks out as a “guest”. The card holder must provide the complete PAN each time they make a purchase. The application will use the PAN in memory, but not persist it. (The PCI DSS includes guidelines for securing PANs and other sensitive information in transit, but that is beyond the scope of this paper.)
  • Truncation
    Only a portion of the PAN is stored. The cardholder must provide the missing information that will allow the application to reassemble the PAN in memory. A useable PAN exists only in memory, not on disk.
  • Encryption
    The PAN is transformed into ciphertext or cleartext according to a complex algorithm, using an encryption key, but only ciphertext is stored. Unlike hashing, encryption allows for two-way transformation. Using the encryption key, the application can decipher the PAN and use it (in memory) to process a credit card transaction.The PCI DSS calls for using “strong” encryption and re-encrypting information periodically. Also, encryption keys must not be stored in, or tied to, user accounts.

How InterSystems IRIS Enables Secure Data Storage

InterSystems IRIS Data Platform offers a strong, consistent, and high-performance security structure for applications.

Here is how InterSystems products enable applications to securely store data such as PANs:

  • Hashing
    InterSystems IRIS provides built-in access to several Secure Hash Algorithms (e.g. SHA-3) to hash data.
  • Truncation
    Fully supported and implemented as part of the application running inside InterSystems IRIS.
  • Data-at-Rest encryption
    InterSystems IRIS implements the Advanced Encryption Standard (AES) algorithm.With data-at-rest encryption, the entire database and pre- and post-image journals are encrypted using one encryption key. Access to the key is managed by the system, so a user account (i.e., a process) does not hold the database encryption key.All information, including indexes, stored in an encrypted database is protected.
  • Data element encryption
    InterSystems IRIS allows for individual pieces of information to be encrypted by offering developers access to the encryption suite. Data element encryption is often preferred to store sensitive information, like PANs, because it allows (with the correct provisioning) the re-encryption of data elements, without interruptions to database access.
  • Auditing
    InterSystems IRIS comes with a robust and tamper-resistant auditing system, which audits all changes to the security model. Application developers can use the same audit database by incorporating calls to the audit system in the application code.

Key Management Within InterSystems IRIS Security Model

Because the PCI DSS is widely used, InterSystems IRIS includes several capabilities specifically designed to make it easier to build applications that comply with the standard. They are mainly concerned with the key management used by data element encryption.

Managed Keys

Encryption key material used for data element encryption is securely held by the system, by storing it in the same protected memory location as the database encryption key. Applications will refer to individual encryption keys using a unique KeyID, therefore eliminating direct access to the key material itself.

To make things easier for developers, when this new method of data element encryption is used, the KeyID is embedded in the resulting ciphertext. This enables the decryption process to automatically identify the key that was used to encrypt the data. The new managed key system supports several such keys in addition to the database encryption key. This will make it easy for application developers to satisfy re-encryption requirements in real time and with virtually no impact to the performance of the deployed application.

Conclusion

The PCI DSS is being adopted by merchants and service providers around the world who need to securely handle credit card information. Application providers need to make sure their solutions are compliant with this standard.

InterSystems IRIS gives developers the ability to build applications that comply with the PCI DSS, and will make that task even easier.

InterSystems is the engine behind the world’s most important applications. In healthcare, finance, government, and other sectors where lives and livelihoods are at stake, InterSystems is the power behind what matters. Founded in 1978, InterSystems is a privately held company headquartered in Cambridge, Massachusetts (USA), with offices worldwide, and its software products are used daily by millions of people in more than 80 countries.

For more information, please contact Andreas Dieckow, Principal Product Manager, InterSystems.com/IRIS.

RELATED TOPICS

Other Resources You Might Enjoy

Take The Next Step

We’d love to talk. Fill in some details and we’ll be in touch.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required

By submitting your business contact information to InterSystems through this form, you acknowledge and agree that InterSystems may process this information, for the purpose of fulfilling your submission, through a system hosted in the United States, but maintained consistent with any applicable data protection laws.



** By selecting yes, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products and events. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.