Managing Integration – Not All Tokenization Solutions Are Equal Part 2 of 3


Integration is the ultimate litmus test of whether a product works. Integrations, by nature, cause IT departments to lose sleep at night. Introducing new technology into legacy systems, connecting multiple ERPs, and avoiding latency when sending or receiving data across multiple channels are just a few of the hurdles to overcome in order to properly integrate tokenization to secure all data sets. Like any new technology, tokenization solutions have to be flexible enough to integrate into the most complex environments without negatively impacting current business systems.

So, when organizations look to secure their sensitive data with one of the many tokenization solutions available on the market today, they will inevitably face serious questions about integration. Who handles the actual integration, your organization or theirs? Who will manage the constant upkeep for years to come? Is integrating with cloud tokenization more expensive than on-premise over the long term? If tokenizing payment data, do you get to integrate with whatever Payment Service Provider (PSP) best fits your organization, or will you be limited in who you can use? Will the new solution work with your existing analytic platforms? What about those you wish to add in the future? Flexibility is the key to an effective data security solution because, after all, your IT environment is unique.

Internalizing Data Security Is Expensive And Risky

There is no shortage of on-premise tokenization vendors who will perform your integration, and some will do a pretty bang-up job. However, there is a significant cost associated with hard-wiring an integration, with the wildcard being whether it works in your environment. The problem comes down the road with an on-premise solution, where your iceberg of cost continues to grow while you place your organization at severe risk by continuing to store toxic data in your environment. Patches, upgrades, fixes, software updates, hardware updates, etc. will become a part of your vernacular when dealing with on-premise integration. On-premise tokenization should be re-coined “ongoing growing expenses,” given the annual amount of upkeep involved in maintaining an on-premise solution. Cloud tokenization solutions cost around 40% less year over year and address the most important issue of all: toxic data is safely stored in a cloud environment.

Complex Environments Need Flexibility And Scalability

Your internal environment is probably terribly complex, and the thought of a new integration into it is about as exciting as watching snail racing. You may have multiple ERPs, legacy systems, cloud, etc., so flexibility is not even optional; it is mandatory. Flexibility translates into risk avoidance. Having more options for how you store, access, and secure your sensitive data with tokenization gives you the ability to reduce PCI compliance burden/scope and, most importantly, means that if you are breached, you expose no customer data. If you store tokenized data on-premise, then you are putting your organization in harm’s way, and why take the risk in the first place? If you can safely and securely manage all of your customer data from a cloud-based solution while significantly reducing your PCI compliance/scope, you create a scalable data security solution that can grow with your business. There is no more buying servers, managing servers, hiring people to manage the servers, and all of the headaches that exist with managing an on-premise data security solution.

It Seems Easier For Our Organization To Use Payment Gateway Tokenization

I have witnessed this happening to so many organizations who decide to lock in with one gateway because they use the same gateway for payment acceptance, making it “convenient.” Oftentimes, a free year of tokenization is used as bait. The caveat here is that the majority of gateways only offer rudimentary tokenization that only secures payment card data. Nothing is free, nothing. After you get your free year and the service is baked into your environment, and they aren’t meeting organizational objectives, what do you do? If you leave, they keep your data. So you stay. This should shock you; your very valuable customer payment data could forever be locked in your gateway’s environment with no real recourse on your end. Do you see how this little merry-go-round works? When all things are equal, then the "free" becomes fleeting. This happens all the time, so you should always ask a potential tokenization vendor about their data policies.

Open Integration Is the Only Way To Go

Why in the world would you limit your organization to only one PSP? What happens when that PSP experiences an outage in the middle of your busiest day? There have been several PSPs that have taken multiple days simply to admit that there was in fact an outage. You should have a backup ready for when that awful day arrives. Unfortunately, it happens far more often than you hear about. Not being able to accept payments for any amount of time can and will hamstring your organization with lost sales, ticked-off customers, and cart abandonment. There are manual ways to build logic into your acceptance channels to accept payments offline, but how do you validate the payments, fraud check, and most importantly, authorize the payments? You need redundancies with payment acceptance to guarantee that your customers will always have the ability to give you money.

Transparent Gateway Makes Integration Straightforward

A degree of complexity can be introduced when you have many PSPs, each with their own messaging format. The more payment processors you have, the more message formats you have to keep track of and, of course, the more testing you have to perform in order to ensure accuracy. When you want to add a new payment processor, the web service API may need additional customization and testing. The TokenEx Transparent Gateway makes it simple for you to add and change payment providers without having to recode web service messaging. When you simply add to the HTTP message header a locator for the token that lies within the message, the TokenEx Transparent Gateway service swaps the PAN for the token, then forwards the message to the payment gateway. The response is returned to you in the same format you receive today. Simply put, your payment processing application code remains the same with only the addition of the HTTP header. Testing is minimized and you have complete control of the choice of payment providers. Your payment data is secure. Your payment processing is simplified.
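The header-locator flow described above, as an added example that is not TokenEx code. The header name `X-Token-Locator`, the dotted-path locator syntax, the JSON body and the in-memory vault are all assumptions for illustration, and the example assumes the merchant's message carries a token that the gateway resolves to the stored PAN before forwarding.

```python
import json

# Hypothetical header name; the page does not give the real one.
LOCATOR_HEADER = "X-Token-Locator"

# Constructed vault mapping token -> PAN (a well-known test number).
VAULT = {"tok_7f3a9c21": "4111111111111111"}


class GatewayError(Exception):
    """The message must not be forwarded to the payment provider."""


def swap_token(headers, body, vault=VAULT):
    """Return the (headers, body) the gateway forwards upstream."""
    locator = headers.get(LOCATOR_HEADER)
    if not locator:
        raise GatewayError("locator header missing")
    msg = json.loads(body)
    *parents, leaf = locator.split(".")
    node = msg
    for key in parents:  # walk the dotted path down to the parent object
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, dict) or not isinstance(node.get(leaf), str):
        raise GatewayError("locator does not match the message")
    pan = vault.get(node[leaf])
    if pan is None:
        # Fail closed: never forward an unresolved token as a card number.
        raise GatewayError("unknown token")
    node[leaf] = pan
    # Drop the locator so the provider sees its usual message format.
    forwarded = {k: v for k, v in headers.items() if k != LOCATOR_HEADER}
    return forwarded, json.dumps(msg)


# Constructed merchant request: the body carries a token, never the PAN.
REQUEST_HEADERS = {"Content-Type": "application/json",
                   LOCATOR_HEADER: "payment.card.number"}
REQUEST_BODY = json.dumps(
    {"amount": 1999, "payment": {"card": {"number": "tok_7f3a9c21", "exp": "12/30"}}}
)

if __name__ == "__main__":
    print(swap_token(REQUEST_HEADERS, REQUEST_BODY))
```

The merchant-side request never contains the card number, which is what keeps the merchant application out of the data path; only the message leaving the gateway does.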

Cloud Tokenization Vendors

The right cloud tokenization solution allows organizations in all industries to tokenize, securely vault payment and PII data, and integrate their business processes with payment providers and partners protecting them against fraud, inappropriate chargebacks, marketing analytics, and other services. The really cool thing about cloud tokenization is that oftentimes you can pay for the solution by the simple reduction in PCI compliance/scope. But, more than anything, cloud tokenization removes all toxic data from your environment. So, if you are breached: No Data, No Theft. You don’t have to internalize the management of your tokenization solution because, after all, a true data security provider handles that for you.

TokenEx is the industry leader in cloud tokenization solutions. TokenEx is patented technology. Stay tuned for part 3 of 3, Managing Data – Not All Tokenization Solutions Are Equal, where we go in-depth on tokenizing all data sets. Follow us on Twitter and LinkedIn.
