For organizations that accept payment on mobile devices, securing that sensitive data can be difficult and expensive. Data in transit requires encryption and careful handling, which can be complicated when using native applications. Because native mobile applications are tied to the operating system for which they were built, they require even greater custom coding effort, and they increase PCI DSS compliance scope by directly ingesting sensitive data.
Until now, the best way to address these issues was for merchants to format API calls and touch sensitive data while it’s changing hands—far from an ideal solution. However, TokenEx was aware of this issue, which was the impetus behind our new tokenization solution for native mobile applications—the Mobile API. This product allows merchants to tokenize sensitive payment data directly from a smartphone application without requiring them to handle sensitive data or make significant coding changes.
The result is the ability to add non-native functionality, specifically the tokenization of sensitive data on a native mobile application, to existing software. Here’s how it works.
Tokenizing Data from Native Mobile Applications
TokenEx’s new Mobile API directly integrates our tokenization services with native mobile applications. By using the Mobile API, merchants accepting mobile payments can capture cardholder data on their customers’ iOS and Android devices and have it sent directly to the TokenEx API to be tokenized and stored, saving application development time and reducing PCI scope.
As data privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) continue to proliferate around the globe, it’s important to protect sensitive or identifying personal data as well as payment card information. With this in mind, the TokenEx Mobile API can also be used to pseudonymize or deidentify personal data using tokenization to help meet your data protection obligations under these laws.
TokenEx’s Mobile API enables organizations to securely accept and tokenize payment and personal data while giving them complete control over the look and feel of their applications. It also contains multiple security mechanisms and reinforces secure coding principles to ensure that sensitive data is safely accepted, managed, and stored.
Why It’s Important
Mobile applications continue to play an increasing role in our lives—from social networking to conducting financial transactions and tracking health and wellness. They also require the collection of an increasing amount of sensitive data to support this functionality. TokenEx provides multiple methods for organizations with mobile applications to secure this data, both on the mobile device and within the organization.
Utilizing the Mobile API along with other features of the TokenEx platform, such as our Transparent Gateway API, your organization can tokenize sensitive information at the point of acceptance and share it with an electronic health record (EHR) system or send it to a payment service provider (PSP) without having to detokenize first.
Three Modes of Tokenization
The TokenEx Mobile API can be used to tokenize sensitive data in three different ways:
In this mode, a mobile application can tokenize a data element such as a credit card number, account number, or a health identification number.
For a credit card number that has been previously tokenized, the associated CVV number can be captured from the user by the mobile application and securely vaulted with TokenEx until the next payment transaction.
Tokenize with CVV
This mode enables the mobile application to tokenize both the credit card number and the associated CVV at once.
In the world of technology, efficiency and ease-of-use are guiding principles that drive innovation and growth. When coupled to create a more convenient customer experience, the results can be game-changing. Although we’re not quite ready to call our newest mobile product a “game-changer,” it certainly will change the way our customers are able to secure sensitive payment data captured from native mobile applications.