Simply put, a web service defines the communication and structure of messages between computing assets. Every time you fire up your internet browser to search for information, send a message, or make a transaction, you are calling on web services to do your bidding. The main function of any web service is to send or receive a request and perform an action. Because API are built on the language of the internet (HTTP), communication among computers is standardized and universal.
TokenEx provides API that accepts requests from applications, browsers, and web servers to receive and store payment card data and return a tokenized version to your systems. A TokenEx API can also receive a token you’ve previously stored and send the related payment card data to a payment gateway for processing. Technically speaking, a web service is an application programming interface (API) that you use to instruct your payment collection software to send tokenization requests to TokenEx systems and receive a token back. It’s the most open and simplest method for business systems to request a service.
Web services can be used in conjunction with browser-based encryption to provide additional security between the time the payment data is entered and it is tokenized.
Using TokenEx API, you can program a variety of payment capture systems—such as point of sale device, a call center application, a ticketing/reservation system, or a mobile app—to redirect payment card data to be tokenized, securely vaulted, and processed by your payment provider without it ever being recorded by your information systems.
For example, a field service representative can use a mobile app to input a service call work order and the payment information. Using the TokenEx API, that app sends the payment card data directly to TokenEx to be tokenized. The token is transmitted back to your servers so that that actual card data never is recorded. Therefore, the scope of your PCI compliance is greatly reduced by a simple exchange of data between a mobile app and TokenEx via API. It really doesn’t get much simpler than that.
A Fortune 500 company with a global foundation of manufacturing, distribution, and retail outlets made securing their customer’s payment data a high priority after witnessing the disastrous data breaches of their peers. But with their global distribution of business outlets, achieving PCI compliance had been an elusive and costly endeavor. As long as payment data resided within their enterprise resource planning (ERP) system, risk was high and PCI compliance costly.
TokenEx integrated an API solution directly into the company’s ERP data flow, redirecting all payment data to TokenEx Data Vaults and returning tokenized data to the ERP databases. As a result, only a minor island within the company’s ocean of ERP fell within PCI controls. The “PCI Island” where payment data was intercepted by the TokenEx web services was isolated from the rest of the ERP applications—with very limited and tightly controlled network access—greatly reducing the risk of data theft. This made it possible to make the island PCI-compliant, while removing the rest of the ERP systems from PCI scope. In addition, the millions of existing payment card records were removed completely from the internal databases, data vaulted at TokenEx, and replaced with tokenized information for use in the ERP system, eliminating the risk of toxic data to the company.
Our clients depend on TokenEx to provide a complete and customizable tokenization solution for their environment and data. Let us explain how a unified cloud tokenization platform can help your organization secure all types of data. Contact us today to make an appointment to discuss your specific challenges.