Without significantly altering its platform, Astute needed to minimize PCI scope in its production SaaS environment while still allowing its customers to store sensitive data. To accomplish this, TokenEx implemented its iFrame into the browsers of customer service agents, enabling TokenEx to capture, tokenize, and then store PCI, removing Astute’s system from scope.
“We pass the token on to the external web interface. From that point on, the customer service agent is working completely separately from our production environment. No cardholder data is traversing our network at any time.”
— Astute Chief Information Security Officer Chris Conner