Payment Tokenization Using Web Services
While a pure e-commerce organization receives all payment information through a web store shopping cart checkout process, your organization may have other ways in which you accept payments via the internet. For example, if you are a not-for-profit charity taking donations through call centers, mobile apps, and a web site, you want that payment data to be removed from your systems as early in the transaction as possible. That means tokenizing the payment card data as it is being captured, before it’s stored in your business systems. In an omni-channel environment, the more payment data you can tokenize, the lower your risk and the smaller the scope of PCI compliance. Among the tokenization solutions offered with the TokenEx Cloud Security Platform, the API is a simple and effective method to safeguard your payment data.
Why Are Web Services Important To My Business?
Eliminate storage of sensitive data
Fluent Web API - Pick your payload (JSON, XML)
Eliminate PCI Requirement 3
Simply put, a web service defines the communication and structure of messages between computing assets. Every time you fire up your internet browser to search for information, send a message, or make a transaction, you are calling on web services to do your bidding. The main function of any web service is to send or receive a request and perform an action. Because APIs are built on the language of the internet (HTTP), communication among computers is standardized and universal.
TokenEx provides APIs that accept requests from applications, browsers, and web servers to receive and store payment card data and return a tokenized version to your systems. A TokenEx API can also receive a token you’ve previously stored and send the related payment card data to a payment gateway for processing. Technically speaking, a web service is an application programming interface (API) that you use to instruct your payment collection software to send tokenization requests to TokenEx systems and receive a token back. It’s the most open and simplest method for business systems to request a service.
Web services can be used in conjunction with browser-based encryption to provide additional security between the time the payment data is entered and the time it is tokenized.
API in Action
Using the TokenEx API, you can program a variety of payment capture systems—such as a point-of-sale device, a call center application, a ticketing/reservation system, or a mobile app—to redirect payment card data to be tokenized, securely vaulted, and processed by your payment provider without it ever being recorded by your information systems.
For example, a field service representative can use a mobile app to input a service call work order and the payment information. Using the TokenEx API, that app sends the payment card data directly to TokenEx to be tokenized. The token is transmitted back to your servers so that the actual card data is never recorded. Therefore, the scope of your PCI compliance is greatly reduced by a simple exchange of data between a mobile app and TokenEx via API. It really doesn’t get much simpler than that.
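The flow described above, as an added example that is not TokenEx code and does not use the real TokenEx API: a capture app exchanges a card number for a token, and a Luhn-based scan confirms that nothing shaped like a card number reaches the business record. MockVault, the "tok_" token format, the JSON field names and all function names are hypothetical, and the card number is a constructed test value.

```python
import json
import re
import secrets
import string

class MockVault:
    """Hypothetical stand-in for the tokenization provider; only it keeps the PAN."""
    def __init__(self):
        self._pans = {}

    def tokenize(self, request_json):
        pan = json.loads(request_json)["pan"]
        # Random letters only: not derived from the PAN, never digit-shaped.
        token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(20))
        self._pans[token] = pan
        return json.dumps({"token": token, "last4": pan[-4:]})

    def process_payment(self, token, amount_cents, gateway):
        # The vault, not the merchant, hands the real PAN to the gateway.
        return gateway(self._pans[token], amount_cents)

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")
def find_pans(text):
    """Digit runs of card-number length that also pass the Luhn check."""
    return [m for m in PAN_RE.findall(text) if luhn_ok(m)]

def capture_order(vault, work_order, pan):
    """Capture app: send the PAN to the vault, keep only the reply."""
    reply = json.loads(vault.tokenize(json.dumps({"pan": pan})))
    return {"work_order": work_order, "token": reply["token"], "last4": reply["last4"]}

def demo():
    vault, seen_by_gateway = MockVault(), []
    def gateway(pan, amount_cents):         # constructed gateway stub
        seen_by_gateway.append(pan)
        return True
    record = capture_order(vault, "WO-1001", "4111111111111111")  # constructed test PAN
    merchant_db = json.dumps([record])      # everything the business system stores
    approved = vault.process_payment(record["token"], 12500, gateway)
    return record, find_pans(merchant_db), seen_by_gateway, approved
```

Running find_pans over database exports or application logs is a quick way to check that a capture path is storing tokens rather than card numbers.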
TokenEx API at Work
A Fortune 500 company with a global foundation of manufacturing, distribution, and retail outlets made securing their customers’ payment data a high priority after witnessing the disastrous data breaches of their peers. But with their global distribution of business outlets, achieving PCI compliance had been an elusive and costly endeavor. As long as payment data resided within their enterprise resource planning (ERP) system, risk was high and PCI compliance costly.
TokenEx integrated an API solution directly into the company’s ERP data flow, redirecting all payment data to TokenEx Data Vaults and returning tokenized data to the ERP databases. As a result, only a minor island within the company’s ocean of ERP fell within PCI controls. The “PCI Island” where payment data was intercepted by the TokenEx web services was isolated from the rest of the ERP applications—with very limited and tightly controlled network access—greatly reducing the risk of data theft. This made it possible to make the island PCI-compliant, while removing the rest of the ERP systems from PCI scope. In addition, the millions of existing payment card records were removed completely from the internal databases, data vaulted at TokenEx, and replaced with tokenized information for use in the ERP system, eliminating the risk of toxic data to the company.
Ask Us How Tokenization Secures Your Business-Critical Information
Our clients depend on TokenEx to provide a complete and customizable tokenization solution for their environment and data. Let us explain how a unified cloud tokenization platform can help your organization secure all types of data. Contact us today to make an appointment to discuss your specific challenges.