As a merchant, you are probably aware that the payment card industry has strict security compliance requirements
to protect against cardholder data breaches.
But what you might not realize is that the number one reason behind both cardholder data security compromises
and the failure to comply with PCI DSS is the inability of businesses to protect stored data. Most companies that
experience a data breach is in result of failing to effectively protect sensitive information.
The security experts at Element Payment Services have an answer: TransForm® Tokenization Technology. This
innovative tokenization technology securely moves cardholder data to Element's PCI DSS compliant data storage
facility. All that's left on your system is a unique identifier (token) that points to the actual data without
containing any sensitive information itself. This allows you to securely process
recurring/scheduled or card-on-file transactions, and transfer all risk of cardholder
data storage. If your system were ever breached, the data stored at your location would be completely unusable
to data thieves. You are able to offer customers peace of mind, knowing that all personal information is protected,
while eliminating significant liability for your business.
How Does Element's TransForm® Tokenization Technology Work?
- Business accepts credit and debit cards in the usual manner.
- Business securely transmits cardholder data to Element's PCI DSS compliant storage facility.
- A unique reference pointer (token) is supplied by the storage facility for each record transmitted by the business.
- The token is now stored at the business in place of cardholder data.
- Future payment transactions are transmitted by the business using the token in place of cardholder data.
Eliminating on-site credit card storage has another benefit as well: simplified PCI DSS compliance. In July 2010,
Visa released its Global Best Practices for card data tokenization
to provide guidance to merchants, vendors and service providers. With Visa’s expertise and experience
in the card data industry, they are able to provide great insight into the requirements and necessary
steps to bring security to the industry. In the Best Practices, Visa emphasizes the practice of
tokenization. According to Visa, when implemented properly tokenization reduces the scope, risks and
costs associated with ongoing compliance with the Payment Card Industry Data Security Standards (PCI DSS).
A business that outsources data storage using TransForm® tokenization technology is also able to complete a
shortened version of the annual PCI DSS assessment, the PCI SAQ. The length of
the self-assessment questionnaire can be cut in half, from 31 to 16 pages. Read about how to do this in our blog post,
PCI SAQ Made Easy.
Element Payment Services also incorporates point-to-point encryption
into their payment processing system, which protects cardholder data in transit from being tampered with, copied,
or deleted. Authentication is used to guarantee the sender and receiver of the information. All of this makes
Element's processing platform one of the most secure products on the market. This, in turn, allows merchants to reduce
their PCI DSS scope and transfer the risk of cardholder data storage to the industry leader.
Another unique feature of Element’s TransForm® tokenization technology is Account Updater.
Account Updater integrates with your software application to provide seamless account updates to tokenized cards
on file, helping your business reduce lost revenue from expired or cancelled cards.
Ready to learn more? Read our white paper on PCI DSS compliance with TransForm®
tokenization. Or begin the steps to open a merchant processing account.
- Helps assure compliance with PCI DSS requirements.
- Completely eliminates the liability of storing cardholder data.
- Facilitates recurring/scheduled or card-on-file transactions.