When you want to keep all processing of customer transactions on your own web server (instead of using a hosted payment page), but still need to tokenize payment data and PII, you can implement tokenization using browser encryption. In effect, this pushes the tokenization of payment data all the way out to the customer's browser. Strong RSA public-private key encryption at the browser level provides an additional shield that protects the payment data before it is tokenized. This ensures that no part of your system ever receives payment data in unencrypted form, even before it is tokenized.
From the shopper's point of view, nothing visibly changes: they interact with your e-commerce page through their browser as before. TokenEx code intercepts the payment form entries and encrypts them, sending those values to your web server along with the order information, which your processes verify. The encrypted payment values are passed to TokenEx to be decrypted and stored, while the tokenized versions are sent back to your web server. The actual PAN and other payment details are passed to the payment processor as usual for validation and the approval code.
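The flow described above, modelled as an added example that is not TokenEx code or its API: all three parties run in one Node.js process, and the function names, the `tok_` token format and the choice of RSA-OAEP with SHA-256 are assumptions. The merchant-side check that refuses a cleartext card number goes beyond what the text describes, and the card number is a constructed test value.

```javascript
// Added example; names and token format are assumptions, not the TokenEx API.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Tokenization provider: the only party that holds the private key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const vault = new Map(); // token -> PAN, provider side only
function providerTokenize(ciphertextB64) {
  const pan = crypto.privateDecrypt({ key: privateKey, ...OAEP },
    Buffer.from(ciphertextB64, 'base64')).toString('utf8');
  const token = 'tok_' + crypto.randomBytes(12).toString('hex');
  vault.set(token, pan);
  return token;
}

// Browser: encrypt the form field with the provider's public key before submit.
// (In a real page this would be WebCrypto's crypto.subtle.encrypt with RSA-OAEP.)
function browserEncryptField(value) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP },
    Buffer.from(value, 'utf8')).toString('base64');
}

// Merchant web server: relays ciphertext and refuses anything that looks like a PAN.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}
function looksLikeClearPan(field) {
  const digits = field.replace(/[\s-]/g, '');
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}
function merchantHandleOrder(order) {
  if (looksLikeClearPan(order.card)) {
    throw new Error('cleartext PAN rejected: card field must arrive encrypted');
  }
  return { orderId: order.orderId, cardToken: providerTokenize(order.card) };
}

// Constructed test card number; the merchant only ever handles ciphertext and a token.
const result = merchantHandleOrder({ orderId: 'A-1001', card: browserEncryptField('4111111111111111') });
console.log(result);
```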
Browser-based encryption decreases the number of controls you need for PCI compliance (typically SAQ-A-EP) while keeping your final payment pages under your complete control, so you can make frequent and rapid changes to your website's checkout processes. In contrast, while a hosted payment page offers slightly less control over rapid changes to the final payment page, it significantly decreases the scope and number of controls for PCI compliance (SAQ-A). Changes to hosted payment pages are made by TokenEx from your specifications, in a time frame based on the Service Level Agreement (SLA) in place. Either way, your checkout process is secure and your company branding remains intact.
Why Is Browser-based Encryption Important To My Business?
No sensitive data touches web servers
Eliminates most controls from PCI Scope (SAQ-A-EP)