Transparency is the key to simplicity.
In payments, the goal is to remove the card holder data (PAN) from being stored or transmitted over the internet. Completely eliminating payment data from your computers and network is the only true way to ensure that your customer’s sensitive payment information is safe and secure. The best way to do that is with Tokenization.
Bolster the security of electronic transactions while minimizing the complexity of compliance
Our platform allows the merchant to off-board this information in a variety of ways during the payment process flow and replace the cardholder information in their system with a Token instead. Once a cardholder’s data has been replaced by a Token, the Token can be used in place of the cardholder information for all subsequent transactions from that customer.
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration. The Payment Card Industry Data Security Standard, an industry-wide standard that is used by any organization processing credit cards, mandates that credit card data cannot be stored at the point-of-sale, on your computer in a file, or written down on any surface in your place of business, after a transaction has been completed. Tokenization was developed to meet this mandate, replacing credit card numbers in the Point-of-Sale, websites and mobile phones with a 16-digit, randomly generated number resembling a credit card number. A token consists of alphanumeric characters, typically containing the last four digits of the card number, which represent miscellaneous cardholder data specific to the transaction underway.
In the payments industry, Tokenization has become a popular means of bolstering the security of electronic transactions while minimizing the complexity of compliance with industry standards and government regulations.
When an authorization request is made to verify the legitimacy of the transaction, the token is returned to the merchant instead of the card number, along with the authorization code for the transaction. The token is stored in the POS/PMS while the actual cardholder data is stored off-site in a secure, PCI compliant data center. The token is the only information that a merchant needs to store on-site, and is all they need to conduct multiple transactions, recurring billing procedures, incremental authorizations, etc.
What's the answer?
Agnostic Universal Tokenization Platform
We believe that transparency is the key to simplicity. The APPS Tokenization Platform makes it simple for you to add and change payment providers without having to recode web service messaging.
By simply coding to one of our Tokenization APIs you can offload any kind of data you want to our Tokenization platform for storage, use and retrieval when and how you need it. Our Agnostic Universal Tokenization (AUT) service replaces the PAN, or any other data element you want to store, with a reference Token and returns that token to you for use when and how you want. In payments we specifically store your PAN and PII data in the Token Vault, along with any other data needed to optimize your transactions with your payment processing provider, including Purchase Card data.
Then when you need the data, we can return it to you, or send it to the many different payment gateways we are connected to around the world. This keeps your data secure and safe.
Your data is your data.
Another benefit of the AUT is that it makes the gateway you are using irrelevant, as you can work with any gateway you want to. Tokens support all payment actions and checkout models including one-time authorization, capture and settlement, recurring and subscription billing, credit and partial credit, split capture, reauthorization, and standard checkout.
Tokenization makes it more difficult for hackers to gain access to cardholder data. Its implementation is said to simplify the requirements of the PCI DSS, as the systems that no longer store or process the sensitive data are removed from the scope of the PCI audit.
• Reduces PCI DSS scope
• Renders payment card data meaningless to hackers
• Reconciles chargebacks and payments without handling payment data
• Integrates with any gateway
• Supports Account Updater
• Works with your current systems and processor/acquirer
Tokenization is not encryption.
Encryption is the masking of the payment data when it is transferred from the checkout terminal, site, mobile phone or other payment device to the gateway or payment processor. Typically, anything from the middle 6 numbers up to the entire payment string is encrypted and cannot be read until it is decrypted at its destination. Tokenization, by contrast, is the subsequent removal of the payment data altogether, replacing it with a piece of data that represents the payment data. Often, additional security features are added to tokenized transactions that tie the Tokens to a specific merchant or group of merchants, known as Multi-Merchant Tokenization.
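The sketch below is an added example, not APPS code or its API. It shows the flow described above: the vault swaps the PAN for a random 16-digit token that keeps only the last four digits, the merchant stores the token alone, and the token is tied to one merchant group. `TokenVault`, `merchant_record`, the merchant and customer names, and the test card number are all hypothetical.

```python
import secrets

class TokenVault:
    """In-memory stand-in for an off-site token vault (hypothetical names throughout)."""

    def __init__(self):
        self._by_token = {}  # token -> (merchant_group, pan)
        self._by_pan = {}    # (merchant_group, pan) -> token

    def tokenize(self, merchant_group, pan):
        digits = pan.replace(" ", "")
        if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        key = (merchant_group, digits)
        if key in self._by_pan:  # same card, same merchant group: reuse the token
            return self._by_pan[key]
        while True:
            # 12 digits from the OS CSPRNG plus the PAN's last four. Nothing else
            # of the PAN is in the token, so there is no key that could decrypt it.
            token = "".join(secrets.choice("0123456789") for _ in range(12)) + digits[-4:]
            if token != digits and token not in self._by_token:
                break
        self._by_token[token] = key
        self._by_pan[key] = token
        return token

    def detokenize(self, merchant_group, token):
        # The PAN is released only to the merchant group the token was issued to.
        owner, pan = self._by_token.get(token, (None, None))
        if owner is None or owner != merchant_group:
            raise PermissionError("token unknown or not issued to this merchant group")
        return pan

def merchant_record(vault, merchant_group, pan, customer_id):
    """What the POS/PMS keeps after authorization: token and display hint, no PAN."""
    token = vault.tokenize(merchant_group, pan)
    return {"customer": customer_id, "token": token, "card_hint": "****" + token[-4:]}

if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample input: a well-known test card number, not real cardholder data.
    print(merchant_record(vault, "merchant-a", "4111 1111 1111 1111", "cust-42"))
```

A token copied out of one merchant's database is rejected when presented under another merchant group, which is the property the merchant-binding described above provides.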
Recurring billing is not the same as Tokenization.
Tokenization is where the card or ACH is taken during the initial sale of the good or service and is replaced with a Token to represent the payment data going forward. The Token is a reference to the card or ACH itself, but the data is stored in a secure vault in the Tokenization Platform and is designed not to be displayed again. Typically, the first 4 and last 4 of the card or ACH are displayed during the customer's subsequent checkout, so they know what card or ACH is going to be billed.
A Token is then stored in the Tokenization Platform such that a merchant can access the Token as part of the customer's profile, without needing to expose the credit card data or save the credit card data somewhere else in a non-secure way. The Tokenization Platform also allows the Merchant to add, update or delete customer profiles and payment data stored in the system without having to save the card data in a non-secure way.
Tokenization has been designed to allow the merchant to bill the customer on their credit card or checking account for new purchases they make, as opposed to recurring billing which is billing the same amount each time.
Universal Data Vault
THE IMPERATIVE OF SECURING SENSITIVE DATA
Information is truly the lifeblood of every organization in the global economy. All types of sensitive business-related data—from payment card and ACH data, personally identifiable information such as email addresses and Tax ID numbers, to healthcare records and technical trade secrets—must be kept secure from the continuous onslaught of hackers and agents of corporate espionage. In fact, it is difficult to define any type of information that you use for business that does not need to be kept secure. The Ponemon Institute, an independent breach research organization, calculates the cost of a data breach to be between $120-$250 per breached record. An average security breach can access millions of records and cost tens of millions of dollars. This does not even include the unmeasurable loss in customer trust and return business.
Unless you are in the business of data security, the degree of expertise needed to reinforce your IT infrastructure to safeguard your product, customer, and employee information is challenging at best. It is safe to assume your IT system is always under attack, and the attack often comes from the least expected direction. It can be as simple as opening an email and exposing your entire system. So, by storing critical business data offsite in a verifiably secure, cloud platform data vault, you obliterate the risk of at least one source of highly valuable data being exposed, while still maintaining near-instantaneous access to the information anytime and anywhere you need it.
TOKENIZATION VERSUS ENCRYPTION
Most organizations have at least two different types of data sets with varying degrees of risk. Payment Card Data (PAN, ACH or other payment data) and the associated personally identifiable information (PII) is what hackers are looking for. Payment data types fall under the umbrella of PCI Compliance, which regulates and safeguards financial information. PII data falls under GLBA, GDPR and other regulations depending upon where in the world you are located, as well as regional, country and state legislation. No doubt you have read of the many recent successful hacks against both online and brick-and-mortar retailers as well as insurance organizations. While removing Payment Data and PII data from your IT environment is the goal, and is why Tokenization and Cloud based systems have become so pervasive, it’s not the only battle.
Most organizations also have access to, or need to store, a wide range of PII data and non-public information such as social security numbers, EINs, healthcare records, financials, employee salaries, logistic records, and much more. A core goal in this day of cloud-based platforms should be to offset as much risk as possible into systems designed to protect that data for you, and that have the scale to provide these solutions far more efficiently and cost effectively than doing them yourself.
Tokenization platforms must be able to handle all types of data records, in many formats, and make them available on demand. When tokenizing sensitive data and storing it offsite in a data vault, you are protected even if your systems are breached. Tokenized data is practically useless to a cyber thief because the tokens you hold are meaningless to them. This is the key differentiator between cloud tokenization and encryption solutions.
Accessibility To Your Data – Short and Long Term
What should you consider when looking for a Tokenization solution, and why will several be needed? As a business you need to find the right solutions that meet your business's needs. Payment data storage is one of the most critical and is designed to provide several crucial benefits:
- Reduce or eliminate the huge overhead of PCI Compliance.
- Remove all payment card data from your internal IT systems.
But the one that is considered the LEAST is the most IMPORTANT.
- Who Is Really Storing Your Raw Data and How Hard It Is to Get it Back?
While it has become mission critical to secure and store payment data in a safe and cost-effective manner, the cheapest and easiest option may not be the best choice and may cost the most in the long term.
- My Token Provider Won’t give me my data back…
Many Tokenization providers, whether they are payment gateways, processors, or even Tokenization platform providers, do not want you to leave. So, they offer great incentives to get onto their platforms, knowing how difficult they can make it for you to get off of them when the time comes.