For companies that conduct business via a web store or other e-commerce platform, accepting online payments is an integral part of frictionless customer experience. However, it also opens organizations to security risks, regulatory compliance obligations, and the responsibility of stewarding the sensitive data that traverses their environments. Protecting this data to maximize security while minimizing the scope of compliance and changes required to an existing system is essential for addressing these concerns efficiently. Many of our customers and partners reached out to us to help them solve similar issues, so we understand these pain points and how to alleviate them effectively. We built our new E-commerce Package with e-payments specifically in mind, combining our scope-reducing iFrame with our patented Transparent Gateway for a seamless e-commerce tokenization security solution.
About PCI DSS Compliance
If your organization accepts credit cards for payment, then it’s subject to the Payment Card Industry Data Security Standard (PCI DSS). Compliance with the PCI DSS is designed to protect merchants from vulnerabilities that can lead to fraud and the theft of cardholder data (CHD). Although the PCI DSS is not a law, compliance is required for organizations wishing to process card information from the major credit card brands, and noncompliant merchants that are the victim of credit card fraud will be fined by their acquiring banks. Fines can reach $100,000 per month in severe cases, and repeat offenders may lose their privilege to accept payment cards altogether.
Auditing or Self-Assessment
Depending on the number of payment card transactions you process annually, you will be required to demonstrate PCI compliance by either holding an on-site audit performed by a Qualified Security Assessor (QSA) or completing a self-assessment questionnaire (SAQ). PCI compliance audits can be both time-consuming and expensive. The primary method of reducing these burdens is limiting your PCI scope—the number of people, processes, and technology in your organization that are involved in the payment process. One of the best ways to reduce your PCI scope and the risk associated with storing CHD is through a process called tokenization—replacing the credit card numbers in your environment with nonsensitive equivalents, or tokens.
The TokenEx Ecommerce Package uses tokenization to minimize the PCI DSS scope of card-not-present (CNP) merchants who have a website and/or mobile application that accepts credit card payments. Our Ecommerce Package is designed specifically for ecommerce merchants, often reducing their PCI compliance requirements to those controls contained in a Self-Assessment Questionnaire A (SAQ-A). The SAQ-A comprises only 22 of the 322 controls in a full PCI DSS audit or the SAQ-D.
The TokenEx Ecommerce Package is designed to operate seamlessly in your payment flow by tokenizing the customer’s credit card number on your website or within your mobile app. When you need to process a payment transaction, the TokenEx Transparent Gateway enables you to send the transaction API call to the payment processor or gateway of your choice by transparently replacing the token with the credit card number.
For more information about our Ecommerce Package, PCI compliance, our Cloud Security Platform, or tokenization in general, contact us directly at firstname.lastname@example.org.