President and CEO,
Harms Software Inc.
The number one reason behind cardholder data security compromises is the inability of merchants to protect their
customers' stored credit and debit card data. Most companies that experience a data breach do so as a result of
failing to effectively protect sensitive information.
The industry standards of PCI DSS and PA-DSS have strict
requirements concerning the storage of sensitive credit and debit cardholder information within
software applications. Software providers can protect customers by implementing a secure offsite
data storage solution that utilizes tokenization technology.
TransForm® Tokenization Technology works
by moving the actual cardholder data offsite to Element’s PCI DSS compliant storage facility. Element’s servers
create and then return a unique reference pointer (or token) to the software application.
Encryption is used to protect cardholder data while in
transit. Using the token (which contains no actual cardholder data itself), merchants can bill a card on file and
schedule automatic payments. Tokenization
thus protects cardholder data at rest. Element's credit card tokenization solution is different from some other
implementations in that a token is produced per account, vs. per transaction. This helps to make token
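The token flow described above, as an added sketch (not Element's code or API): a provider-side vault issues a random token, the merchant stores only that token and reuses it for repeat billing, and a Luhn-based scan confirms the merchant record holds no card number. TokenVault, find_pans and enroll_and_bill are hypothetical names; encryption in transit is not modeled.

```python
import re
import secrets


class TokenVault:
    """Hypothetical stand-in for the offsite storage provider."""

    def __init__(self):
        self._pan_by_token = {}  # the PAN exists only on the provider's side

    def tokenize(self, pan):
        token = secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._pan_by_token[token] = pan
        return token

    def charge(self, token, amount_cents):
        if token not in self._pan_by_token:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "amount_cents": amount_cents}


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return 13-19 digit runs in text that pass Luhn (likely stored PANs)."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]


def enroll_and_bill():
    vault = TokenVault()
    test_pan = "4111111111111111"  # constructed sample: a common test number
    # Enrollment: the PAN goes to the vault once; the merchant keeps the token.
    record = {"customer": "c-1001", "card_token": vault.tokenize(test_pan)}
    # One token per account: the same token bills the card on file repeatedly.
    results = [vault.charge(record["card_token"], amt) for amt in (1999, 1999)]
    return record, results
```

Running find_pans over a dump of the merchant-side records is a quick way to check that no card numbers remain in local storage after a migration to tokens.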
When the responsibility to protect stored data, along with the risks of a security breach and resulting loss, is
transferred to a trusted partner, business liability is dramatically reduced for merchants and software providers
alike. Since data thieves can't steal what a merchant does not possess, the opportunity for a security breach is
Eliminating on-site credit card storage has another benefit as well: simplified PCI DSS compliance
for your customers. In July 2010,
Visa released its Global Best Practices for card data tokenization
to provide guidance to merchants, vendors and service providers. With Visa’s expertise and experience
in the card data industry, they are able to provide great insight into the requirements and necessary
steps to bring security to the industry. In the Best Practices, Visa emphasizes the practice of
tokenization. According to Visa, when implemented properly tokenization reduces the scope, risks and
costs associated with ongoing compliance with the Payment Card Industry Data Security Standards (PCI DSS).
A business that outsources its debit and credit card data storage is also able to complete a shortened version of
the annual PCI DSS assessment, the PCI SAQ. The length of the self-assessment
questionnaire can be cut in half, from 31 to 16 pages. Read about how to do this in our blog post,
PCI SAQ Made Easy.
Element Payment Services also incorporates point-to-point encryption
into their payment processing system, which protects cardholder data in transit from being tampered with, copied,
or deleted. Authentication is used to guarantee the sender and receiver of the information. All of this makes Element's
processing system one of the most secure products on the market. This, in turn, allows merchants to reduce their PCI DSS
scope and transfer the risk of cardholder data storage to the industry leader.
Another unique feature of Element’s TransForm® tokenization technology is
Account Updater. Account Updater integrates with your software
application to provide seamless account updates to tokenized cards on file, helping your customers reduce lost revenue
from expired or cancelled cards.