Learn how TokenEx took Astute's PCI compliance from zero to certified in a matter of months

Without significantly altering its platform, Astute needed to minimize PCI scope in its production SaaS environment while still allowing its customers to store sensitive data. To accomplish this, TokenEx implemented its iFrame into the browsers of customer service agents, enabling TokenEx to capture, tokenize, and then store PCI, removing Astute’s system from scope.

“We pass the token on to the external web interface. From that point on, the customer service agent is working completely separately from our production environment. No cardholder data is traversing our network at any time.”

— Astute Chief Information Security Officer Chris Conner


This case study explains how TokenEx and Armor partnered to offload Astute's scope without adversely affecting operations. This solution allowed Astute to:

  • Keep PCI out of its environment
  • Process payments via a common API or batch
  • Collect and temporarily store CVVs
  • Integrate quickly with minimal platform changes
Screen Shot 2019-03-01 at 1.42.03 PM

Download Astute Case Study