Modernizing Payments in Omnichannel Retail

How removing sensitive data eliminated risk and obstacles to help simplify complex systems




As an international retailer of sporting goods and outdoor gear, Orvis collects sensitive personal and payment data from multiple channels to complete transactions. This can create a complex data environment that's subject to significant risk and compliance scope, and protecting it can be difficult to manage without restricting the value and utility of sensitive data.

“We knew we had to securely encrypt the transactions flowing through the ecommerce, email and phone contact center, retail store, and field point-of-sale channels to keep incoming payment and personal data safe,” Orvis Chief Information Security Officer Tyson Martin said. “But we also wanted to remove all the sensitive data from our internal IT systems so that in case of a breach, there would not be any customer data to expose.”

By integrating with TokenEx's Data Protection Platform to accept and cleanse data before it entered its systems, Orvis was able to safely store and transmit it without increasing risk or scope.

Icon-Reduce Scope

Minimize PCI Scope

Orvis leveraged the TokenEx platform to remove sensitive cardholder data from its environment, resulting in a 90 percent reduction of PCI scope.


We never touch any payment data in our contact centers, retail stores, websites, or in the field. And that’s a big relief.

Tyson Martin | Chief Information Security Officer, Orvis

Additionally, by routing this data through an independent third-party platform, Orvis can maintain complete control of its data and integrate easily with revenue-management services such as fraud prevention, account updater, and more.

“Really, the TokenEx platform is designed to plug in and do everything you need it to,” Martin said.

As a result, Orvis reduced PCI scope by 90 percent, unified its customer data across multiple channels, and protected PII in addition to PCI. Plus, removing sensitive data from its environment enabled Orvis to better allocate its resources and focus on revenue-impacting areas. 

“Our expertise is retail and customer service," Martin said. "We don’t pretend to be able to build a totally secure system on our own. That's where TokenEx comes in."


How it Works


DataFlow4x_TokenEx Overview



  • Orvis encrypts cardholder data collected from POS devices and online checkout pages before sending it to TokenEx.
  • From there, the PANs are exchanged for a nonsensitive token that can then be used by Orvis for internal business operations.
  • When a repeat customer wants to make a purchase, Orvis simply calls TokenEx to detokenize the PAN, and then TokenEx passes that PAN along to the appropriate processor or gateway to complete the transaction.

Connect with us to learn how we can generate similar results for you.