PCI-DSS is a security standard for organizations that handle cardholder information for major debit, credit, prepaid, ATM and Point of Sale cards. The standard was defined by the Payment Card Industry Security Standards Council and created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is done annually by an external Qualified Security Assessor (QSA) for organizations handling large volumes of transactions or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
The heart of the PCI Assure system is a unique tokenization solution. The "data vault" allows Tenzing to securely store credit card information. When credit card information is put into Tenzing’s data vault, a token is created to represent the real credit card. The token is then used by the merchant and can be stored freely on any computer system. The token can never be decrypted outside of PCI Assure so even if it ends up in the wrong hands, the number cannot be used to breach real credit card data.
"With highly publicized data breaches on the rise, companies need to take a closer look at credit card security and PCI-DSS compliance," says Brian Shepard, Founder and CEO of Tenzing. "Whether a retailer is new to e-commerce or simply concerned about their current PCI-DSS compliance status, handling this in-house exposes their organization to significant risk, and requires extensive time and human resources to manage."
Tenzing’s PCI Assure uses IFRAME technology that can be easily embedded into any web application. The PCI Assure IFRAME only captures credit card and card verification value or code (CVV) fields, leaving the remainder of the fields on the merchant’s website. Tenzing’s IFRAME is secure and 100 per cent Level 1 PCI compliant. Since a merchant’s website never sees customer credit card information, their compliance process can be reduced to completing a simplified SAQ Type A.
PCI Assure has already been integrated into major payment gateways, including Paypal Payflow Pro, Authorize.net, iPay and others.
"PCI Assure allows for total flexibility at checkout," adds Shepard. "Merchants know that the checkout process is where the biggest potential losses in conversion can occur, especially if users are redirected to other hosted payment page solutions. With PCI Assure, merchants benefit from fewer abandoned carts."
PCI Assure was also designed for complete customization. Merchants just drop in the Tenzing IFRAME and provide Tenzing with a Cascading Style Sheet (CSS). Tenzing matches the credit card fields to the merchant’s design template, increasing transparency and raising their customer’s comfort level to complete their transactions successfully. [April 25, 2012]
Send this IT news to a friend