Avoid storing credit card data within your software environment using Element Payment Services' TransForm® tokenization technology and significantly reduce the scope of PCI DSS/PA-DSS compliance.

Contact Us Download P2PE White Paper
Being able to store cardholder data off-site is a real differentiator for us as a software provider. This lets our merchants meet critical PCI DSS requirements with no additional spending or effort on their part."

John Harms,
President and CEO,
Harms Software Inc.

The number one reason behind cardholder data security compromises is the inability of merchants to protect their customer's stored credit and debit card data. Most companies that experience a data breach is in result of failing to effectively protect sensitive information.

The industry standards of PCI DSS and PA-DSS have strict requirements concerning the storage of sensitive credit and debit cardholder information within software applications. Software providers can protect customers by implementing a secure offsite data storage solution that utilizes tokenization technology.

TransForm® Tokenization Technology works by moving the actual cardholder data offsite to Element’s PCI DSS compliant storage facility. Element’s servers create and then return a unique reference pointer (or token) to the software application. Encryption is used to protect cardholder data while in transit. Using the token (which contains no actual cardholder data itself), merchants can bill a card on file and schedule automatic payments. Tokenization thus protects cardholder data at rest. Element's credit card tokenization solution is different from some other implementations in that a token is produced per account, vs. per transaction. This helps to make token management easier.

When the responsibility to protect stored data, along with the risks of a security breach and resulting loss is transferred to a trusted partner, business liability is dramatically reduced for merchants and software providers alike. Since data thieves can't steal what a merchant does not possess, the opportunity for a security breach is greatly reduced.

How Does Credit Card Tokenization Work?


  • Business accepts credit and debit cards in the usual manner.
  • Business securely transmits cardholder data to Element's PCI DSS compliant storage facility.
  • A unique reference pointer (token) is supplied by the storage facility for each record transmitted by the business.
  • The token is now stored at the business in place of cardholder data.
  • Future payment transactions are transmitted by the business using the token in place of cardholder data.

Eliminating on-site credit card storage has another benefit as well: simplified PCI DSS compliance for your customers. In July 2010, Visa released its Global Best Practices for card data tokenization to provide guidance to merchants, vendors and service providers. With Visa’s expertise and experience in the card data industry, they are able to provide great insight into the requirements and necessary steps to bring security to the industry. In the Best Practices, Visa emphasizes the practice of tokenization. According to Visa, when implemented properly tokenization reduces the scope, risks and costs associated with ongoing compliance with the Payment Card Industry Data Security Standards (PCI DSS).

A business that outsources their debit and credit card data storage is also able to complete a shortened version of the annual PCI DSS assessment, the PCI SAQ. The length of the self-assessment questionnaire can be cut in half, from 31 to 16 pages. Read about how to do this in our blog post, PCI SAQ Made Easy.

Element Payment Services also incorporates point-to-point encryption into their payment processing system, which protects cardholder data in transit from being tampered with, copied, or deleted. Authentication is used to guarantee the sender and receiver of the information. All of this makes Element's processing system one of the most secure products on the market. This, in turn, allows merchants to reduce their PCI DSS scope and transfer the risk of cardholder data storage to the industry leader.

Another unique feature of Element’s TransForm® tokenization technology is Account Updater. Account Updater integrates with your software application to provide seamless account updates to tokenized cards on file, helping your customers reduce lost revenue from expired or cancelled cards.

Ready to learn more? Open a free test account or view the specifications of the Element Express Processing Platform, read one of our white papers on PCI DSS and PA-DSS compliance, or contact us.

Are you a merchant wanting to learn more about tokenization? Visit our merchant section of the site.

Key Benefits

  • Allows merchants to securely process recurring/scheduled or card-on-file transactions.
  • Helps merchants and software providers comply with PCI DSS and PA-DSS (PABP) requirements.
  • Significantly reduces liability for software providers and merchants.
Home | About Us | Contact Us | Investor Relations | Career Opportunities | Privacy Policy | Sitemap | Blog
1.866.435.3636 

Element Payment Services | 

Ease the PCI Compliance burden with Element Payment Service’s fully integrated payment processing solutions
500 North Juniper Drive, Suite 100 Chandler, AZ
 |  Phone: 866-435-3636
Element Payment Services, Inc., a Vantiv Company, is a registered ISO/MSP of Fifth Third Bank, Cincinnati, OH. |  © 2014 Element Payment Services, Inc.