TOKENIZATION ELIMINATES RISK OF DATA THEFT, REDUCES PCI COMPLIANCE COSTS
Eliminating the risk of losing customer data requires a combination of encryption, tokenization, and cloud data vaulting to intercept incoming sensitive data at every possible entry point. This layered approach to data security ensures that no PCI or PII is accepted, stored, or transmitted by IT systems that could be hacked, infected with malware, or inadvertently exposed by personnel. For ticketing organizations, the TokenEx Cloud Security Platform provides layered solutions for the three main collection points for sensitive data: call centers, web shopping carts, and on-premise card readers.
CALL CENTER SECURITY
Even in the age of ubiquitous internet shopping, many people prefer the human touch when making complex travel plans—especially when the trip is for pleasure and an expensive investment. Call centers with experienced travel planners are still in demand for cruises, multi-city or multi-country itineraries, and adventure vacations. To provide excellent service, call center operators need to collect significant PII and ultimately PCI to complete the reservation. All that sensitive data is entered and stored on workstations and databases that are virtual honeypots for hackers.
TokenEx provides several methods of securely working with PCI and PII data in the call center. Taking PCI over the phone can be made secure by using point-to-point encryption (P2PE) PIN pads at workstations. Once account numbers are captured and encrypted, the data is sent to the TokenEx Cloud via the TokenEx API to be decrypted, tokenized, and vaulted. Tokens are sent back to the call center database for future billings. Because the local business systems store only the tokens, the workstations, web servers, and databases remain out of scope of PCI compliance.
Call center operators can also use a web portal to input payment information. The TokenEx Browser Based Encryption can be used in the portal to instantly encrypt the primary account numbers (PANs) and transmit them to be tokenized, vaulted, and passed on to the payment gateway of choice for processing. This enables real-time processing of payments while reducing the scope of PCI compliance.
These same processes can be used to secure any PII captured during a call. PII such as email addresses, bank information, passport IDs, and even medical information can be tokenized and vaulted to ensure only the undecipherable tokens representing PII are stored locally for future processing.
WEB SHOPPING CART CHECKOUT SECURITY
Even when customers prefer the human touch of a call center to plan their events, additional payments can be made through a web portal and checkout page. The security objective is to provide real-time payment processing using only encrypted and tokenized data—once again keeping the web server secure and out of PCI scope. Organizations can choose to have TokenEx host the entire checkout page, which is fully customized to look and behave like the business web site design, or use the iFrame solution to only host the final payment fields. Either way, as customers enter their payment data into the web site, it is securely encrypted and tokenized, so that the actual PANs never enter the ticketing organization’s business systems. Only the tokens are returned to the business systems for recurring billing, analytics, and safe storage.
ON-SITE CARD READER SECURITY
Participating in events usually requires additional expenditures for food and services. Providing merchants and vendors with secure support to accept payment cards for everyday expenses requires a level of security akin to the call center P2PE PIN pads. Onsite merchants and event services should be equipped with P2PE card readers to encrypt the account numbers immediately and store them in a local database. Away from port, the charges may need to be batched for transmission to the TokenEx Cloud when internet connectivity is regained, where they are tokenized and sent to the appropriate payment service providers (PSPs) for processing.
OPEN INTEGRATION PROVIDES FLEXIBILITY IN PAYMENT SERVICES
In all these scenarios, the TokenEx Cloud Security Platform is tightly integrated into the existing business processes. TokenEx can act as a central integration point for fraud detection, chargeback prevention, and marketing analytics, passing the necessary payment data to the service providers in the format they expect, without the business systems accepting, storing, or transmitting any payment data.