Securing Mobile Apps for PCI Compliance
TokenEx Provides Two Methods To Keep Mobile Data Secure
It’s hard to imagine your daily business routine without the help of the ever-present mobile smart devices (phones and tablets). We rely on them for communication and collaboration, making and finding appointments, keeping track of schedules and shipments, and purchasing goods and services. Just about every task in our day is connected to that little device.
When you want to keep all processing of customer transactions on your own web server (instead of having the payment processing hosted for you), but still need to tokenize payment and PII data, you can implement tokenization using browser encryption.
Behind The Glass
Now businesses are deploying mobile apps that connect with their ERP systems and empower their mobile workforce to check inventories, take orders, and accept payments. Not-for-profit charity organizations are equipping their field workers and volunteers to collect donations anytime and anywhere through their mobile devices. In both cases the apps are often being used on devices that are not controlled by the organization but owned by an employee or volunteer.
As we grow more dependent on mobile devices to keep track of payment and personal information, they become a mobile security risk. Yes, they’re protected with pass codes and more recently with fingerprint detection, so information is relatively safe from actual device theft. But what is really happening behind the glass as the apps trade transactions with back-office systems, banks, and service partners? How do you know the payment information is secure beyond the physical access to the device itself? What happens when you touch that “buy” button?
On the flip side, you may be designing and programming a mobile app that incorporates financial transactions for your business—or for a client’s business. An organization may be deploying your mobile app to its field workforce to collect payment and personally identifiable information. You may be designing loyalty apps for food service and stores. How can you be sure that data is safely transmitted to back office systems and multiple payment processors? An even larger issue looms—in order to keep all those mobile devices out of the scope of PCI compliance, you need to ensure that any payment data entered through a mobile app is never stored on the mobile device or transmitted to back office systems. Show stopper? Not if you use the TokenEx Cloud Security Platform.
TokenEx at Work With Mobile Apps
A TokenEx client develops mobile apps for charity organizations. These apps are deployed to field workers and volunteers who seek donations anywhere they can. The apps are customized to each charity’s donor base and branded with its look and feel. As their business grew, the app developer was faced with providing secure payment processing for the charities using its app. This was not a core capability, and it added the costly, labor-intensive burden of PCI compliance.
By partnering with TokenEx, the app developer was able to link to the TokenEx Web Services API using a public key encryption call, sending all PANs entered through the mobile app directly to the TokenEx Cloud Security Platform. TokenEx tokenized the PANs, stored them in a data vault, and sent the data on to the charity’s payment processor of choice. Each charity has its own separate data vault for its donor information as well as its own choice of payment processor.
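To make concrete what a tokenization vault does with a PAN once it arrives, here is an added illustrative example in Python. It is not TokenEx code and models no TokenEx API; the class and function names (`TokenVault`, `donation_record`, `contains_pan`) are hypothetical, the test card number is a constructed, well-known test value, and the public key encryption step on the device is assumed to have already delivered the PAN to the vault over a protected channel. The point it demonstrates is the scoping argument in the text: the charity’s system only ever stores a token, the token cannot be mistaken for a live card number, and the PAN is recovered only inside the vault when the transaction is forwarded to the processor.

```python
import re
import secrets

# Constructed input: a well-known Luhn-valid test number, not a real card.
TEST_PAN = "4111 1111 1111 1111"


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize_pan(raw: str) -> str:
    """Strip separators, then reject anything that is not a plausible PAN."""
    pan = re.sub(r"\D", "", raw)
    if not 13 <= len(pan) <= 19 or not luhn_valid(pan):
        raise ValueError("input is not a plausible PAN")
    return pan


class TokenVault:
    """Hypothetical tokenization vault: the only component that ever holds PANs."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenize(self, raw_pan: str) -> str:
        pan = normalize_pan(raw_pan)
        if pan in self._token_by_pan:       # same card -> same token (repeat donors)
            return self._token_by_pan[pan]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]          # keep the last four digits for receipts
            # Reject a candidate that collides, equals the PAN, or passes Luhn,
            # so a leaked token can never be mistaken for or used as a card number.
            if token != pan and token not in self._pan_by_token and not luhn_valid(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Vault-internal lookup; never exposed to the merchant or the app."""
        return self._pan_by_token[token]

    def forward_to_processor(self, token: str, amount_cents: int) -> dict:
        """Simulated processor call: the PAN is recovered here and nowhere else."""
        pan = self.detokenize(token)
        return {"status": "approved", "amount_cents": amount_cents, "last4": pan[-4:]}


def donation_record(vault: TokenVault, donor: str, raw_pan: str, amount_cents: int) -> dict:
    """What the charity's back office stores: business data plus a token, no PAN."""
    return {"donor": donor, "token": vault.tokenize(raw_pan), "amount_cents": amount_cents}


def contains_pan(record: dict, raw_pan: str) -> bool:
    """Audit helper: does the PAN (raw or digits-only) appear in any stored field?"""
    digits = re.sub(r"\D", "", raw_pan)
    return any(digits in str(v) or raw_pan in str(v) for v in record.values())


if __name__ == "__main__":
    vault = TokenVault()
    record = donation_record(vault, "A. Donor", TEST_PAN, 2500)
    print("stored by charity:", record)
    print("PAN present in stored record:", contains_pan(record, TEST_PAN))
    print("processor result:", vault.forward_to_processor(record["token"], 2500))
```

The two properties worth checking in any real deployment are the ones the example asserts: the stored record contains no PAN in any form, and the token fails the Luhn check so it cannot pass as a card number downstream. In a production vault the mapping would of course be encrypted at rest and access to `detokenize` tightly restricted; the in-memory dictionaries here stand in for that storage only.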
This type of integration with the TokenEx Cloud Security Platform provides a double win—the charity is relieved of PCI compliance and gets a secure mobile donation app, and the app developer is relieved of the burden of payment handling.
If you are an app developer, you’ll be interested in an in-depth profile of how Relevant Mobile, a developer of mobile customer loyalty apps for restaurants, integrated its mobile payment processing with the TokenEx Cloud Security Platform; request the customer profile here.