Well-guarded and easily managed payment data
Businesses are using ecommerce technology to mimic that of a consumer online shopping experience. B2B ecommerce is being adopted as a new sales channel, augmenting traditional direct and channel sales strategies, including leverage their web presence into a buyer-facing extension of their CRM or ERP. And B2B sellers are increasingly using their web sites to handle more complex B2B product, contract management and pricing rules, pushing the final purchase online as well.
To support these developments, our Secure Checkout (and API) provides a data tokenization solution for secure real-time payment processing. What is Tokenization? Tokenization is a data security model that replaces sensitive data like credit card information in applications and database fields with a token. The sensitive card data is encrypted and stored in a central data vault, where it can be unlocked only with proper authorization credentials. The token can then be safely passed around in applications, databases and business processes, leaving the encrypted data the token represents securely stored in the data vault.
Think of Secure Checkout as a secure, hosted page, branded to look like your website or business invoice that collects, transmits, and stores cardholder data returning to your application a token value you can use to complete the order process. With Secure Checkout you can allow your clients to manage their own customer profiles including payment data. We will store this customer and payment information (card account or checking account) until you are ready to fulfill the order, supporting one-time, recurring and repeat buyers with cards on file for one click checkout.
Merchants and vendors alike say that one of their main deciding factors was how they could securely store customer profile information and sensitive payment card data in the cloud.
Here is a common processing scenario. During registration or check out, you capture your customer’s card details. This may potentially be the only time you would touch the card data. You can use three methods to get the card data to us for storage:
- Enter the information directly in to the Virtual Terminal.
- Use our API to enter the information directly to our hosted SSL Secure Checkout for storage and return to your application a token of this customer profile.
- Enter the information in to your application/site and have sensitive data immediately sent via the API connection to us for storage.
We consider Option 2 above to be the best option to reduce PCI Compliance Scope using tokenization. Once the customer profile is captured and stored, use the API to specify which customer profile (token) needs to be charged and how much it needs to be charged. In this scenario, your system manages the timing and transaction value to initiate recurring transactions. Through the API and via a token, your application / site never touches sensitive payment data.
Please Contact us with questions about Secure Checkout solutions to safe guard your payment data.