Steve Van Zoeren, Co-Founder and President, Anthology
Problem: Anthology, a book selling software, encountered the similar issue that many other Independent Software Vendors (ISVs) have faced. Pressure to get compliant by the credit card processing security standards put forth by the PCI Council. Steve Van Zoeren, the vice president of development at Anthology, sunk years of time and money into changing his software, and as he learned more about the standards, he realized that he might never be compliant if he continued down the path he was on.
“PA-DSS goes far beyond simply not storing credit card information,” Steve Van Zoeren explains. “For application developers, there are a whole set of rules around testing on separate networks, who has access to the software code, and more.”
Analysis of Alternatives: If an application is validated as compliant, it means it follows all the complex rules of PA-DSS. As Van Zoeren started down the road of getting validated for PA-DSS, he realized there were certain requirements that were going to be challenging.
Van Zoeren determined that to make matters easier on Anthology and its customers, the best course of action was to not pursue PA-DSS validation, but to remove his software entirely from the scope of PCI compliance. This meant removing card processing from Anthology, and instead relying on a third party vendor to handle the processing. After subsequent vendor evaluations, Van Zoeren decided to partner with Element Payment Services for its Hosted Payments solution.
Implemented Solution: With Element’s Hosted Payments, customers enter their credit card information into a secure web page, provided by Element, rather than by Anthology as was done in the past. Element’s Hosted Payments uses point-to-point encryption and tokenization technology to secure the card data. The data is immediately made into a form that is useless to hackers. This gave Van Zoeren and his customers the confidence that their valuable card information was not getting into the wrong hands.
Steve Van Zoeren then notified Anthology’s 1,500 customers of the transition, informing them of how their partnership with Element would help protect their customers’ valuable card data from the real dangers of credit card fraud. Though there was some pushback initially to have to replace old card terminals, once Anthology explained its position, it was clear that merchants had much to gain.
Results: The impact of using Element’s Hosted Payments solution is multi-fold:
While updates do financially benefit Anthology via new service contracts, and hardware and software sales, Van Zoeren says he didn’t make the software changes to financially benefit his company. Rather, his reasoning is something that should resonate with other software vendors who accept payments in their applications. Managing PCI compliance is something customers are going to need to do, and if you aren’t providing them with the secure solution, someone else will. You want to keep the clients you’ve worked hard to earn.
To learn more about PCI compliance, download our PCI Compliance Guide For Software Providers. And for more information about how Element can help you meet PCI compliance requirements, email us or call us at 1.866.435.3636.