As a merchant, you are probably aware that the payment card industry has strict security compliance requirements
to protect against cardholder data breaches.
But what you might not realize is that the number one reason behind both cardholder data security compromises and
the failure to comply with PCI DSS is the inability of businesses to protect stored data. In 2008, 89% of companies
that experienced a data breach failed to effectively protect sensitive information, according to the 2009 Data
Breach Investigations Report conducted by the Verizon Business RISK Team.
The security experts at Element Payment Services have an answer: PASS (Payment Account Secure Storage). This
innovative tokenization technology securely moves cardholder data to Element's PCI DSS compliant data storage
facility. All that's left on your system is a unique identifier (token) that points to the actual data without
containing any sensitive information itself. This allows you to securely process recurring bills and transfer all risk of cardholder
data storage. If your system were ever breached, the data stored at your location would be completely unusable
to data thieves. You are able to offer customers peace of mind, knowing that all personal information is protected,
while eliminating significant liability for your business.
How Does Element's Tokenization Technology (PASS) Work?
- Business accepts credit and debit cards in the usual manner.
- Business securely transmits cardholder data to Element's PCI DSS compliant storage facility.
- A unique reference pointer (token) is supplied by the storage facility for each record transmitted by the business.
- The token is now stored at the business in place of cardholder data.
- Future payment transactions are transmitted by the business using the token in place of cardholder data.
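
The flow above, sketched in Python as an added example (not Element's code or API): TokenVault, Merchant and find_pans are hypothetical names, the vault is an in-memory stand-in for the storage facility, and the card number is a standard test value. Step numbers in the comments follow the order of the list, and find_pans is a check a business could run over its own records to confirm that only tokens remain.

```python
import re
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: a standard test card number

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return 13-19 digit runs that pass Luhn, i.e. likely card numbers."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]

class TokenVault:
    """Hypothetical stand-in for the processor's storage facility."""
    def __init__(self):
        self._records = {}  # token -> cardholder data, held off the merchant's system

    def tokenize(self, pan: str, expiry: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._records[token] = (pan, expiry)
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        # A real processor would authorize against the stored card here.
        return {"approved": token in self._records, "amount_cents": amount_cents}

class Merchant:
    """The business side: keeps only tokens."""
    def __init__(self, vault: TokenVault):
        self.vault = vault
        self.customers = {}  # customer id -> token (step 4)

    def enroll(self, customer_id: str, pan: str, expiry: str) -> None:
        self.customers[customer_id] = self.vault.tokenize(pan, expiry)  # steps 2-3

    def bill(self, customer_id: str, amount_cents: int) -> dict:
        return self.vault.charge(self.customers[customer_id], amount_cents)  # step 5

if __name__ == "__main__":
    shop = Merchant(TokenVault())
    shop.enroll("cust-1", TEST_PAN, "12/30")
    print(shop.bill("cust-1", 1999), find_pans(repr(shop.customers)))
```
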
By removing the sensitive data from your software environment, PASS provides businesses the ability to easily comply
with PCI DSS and transfers the risk of storing cardholder data. In a recent report by PricewaterhouseCoopers
presented at a PCI Security Standards Council Community Meeting, tokenization was highlighted as a "robust technology"
that can help shift some of the risk and burden of PCI compliance from the merchant to the credit card processor.
A business that outsources data storage using PASS is also able to complete a shortened version of the annual PCI
DSS assessment, the PCI SAQ. The length of the self-assessment questionnaire can be cut in half, from 31 to 16 pages.
Read about how to do this in our blog post, PCI SAQ Made Easy.
Element Payment Services also incorporates end-to-end encryption into its payment processing system, which protects
cardholder data in transit from being tampered with, copied, or deleted. Authentication is used to guarantee the
identity of the sender and receiver of the information. All of this makes
Element's processing platform one of the most secure products on the market. This, in turn, allows merchants to reduce
their PCI DSS scope and transfer the risk of cardholder data storage to the industry leader.
Ready to learn more? Read our white paper on PCI DSS compliance with PASS. Or begin
the steps to open a merchant processing account.
Key Benefits
- Helps assure compliance with PCI DSS requirements.
- Completely eliminates the liability of storing cardholder data.
- Facilitates recurring transactions.