Modernizing payments in omnichannel retail

How removing sensitive data eliminated risk and helped simplify complex systems

About the company

As an international retailer of sporting goods and outdoor gear, Orvis collects sensitive personal and payment data via multiple channels to complete transactions. This can create a complex data environment that’s subject to significant risk and compliance scope, and protecting it can be difficult to manage without restricting the value and utility of sensitive data.


Industry: Retail

Location: Sunderland, VT

Company Size: Enterprise

Products Used: Hosted iFrame, P2PE & Transparent Gateway

Protect multiple channels

Orvis is a highly distributed organization of retail stores in the U.S. and UK. At the center are the two regional ecommerce websites for the U.S. and UK, as well as contact centers for call-in orders and email processing.

By integrating with the TokenEx platform to accept and cleanse data before it entered its systems, Orvis was able to safely store and transmit it without increasing risk or scope.

Additionally, by routing this data through an independent third-party platform, Orvis can maintain complete control of its data and integrate easily with revenue-management services such as fraud prevention, account updater, and more.

“Really, the TokenEx platform is designed to plug in and do everything you need it to,” Orvis Chief Information Security Officer Tyson Martin said.

Entrust your PCI to experts

As a result, Orvis reduced PCI scope by 90% unified its customer data across multiple channels and protected PII in addition to PCI. Plus, removing sensitive data from its environment enabled Orvis to better allocate its resources and focus on revenue-impacting areas.

“Our expertise is retail and customer service,” Martin said. “We don’t pretend to be able to build a totally secure system on our own. That’s where TokenEx comes in.”

How it works

Orvis encrypts cardholder data collected from POS devices and online checkout pages before sending it to TokenEx.

Once the data is captured, the PANs are exchanged for nonsensitive tokens that can be used for internal business operations.

When a repeat customer wants to make a purchase, Orvis simply calls TokenEx to detokenize the PAN, and then TokenEx passes that PAN to the appropriate processor or gateway to complete the transaction.

Minimize PCI scope

Orvis reduced PCI scope by 90 percent.

Orvis unified its customer data across multiple channels.

Orvis protected PII in addition to PCI.

“We never touch any payment data in our contact centers, retail stores, websites, or in the field. That’s a big relief.”

Tyson Martin

Chief Information Security Officer

How can we help
your business?

Connect with us to learn how we can generate similar results for you.

See more customer stories