CardSecure combines powerful PCI-validated point-to-point encryption (P2PE) and patented tokenization for powerful payment data protection.

Through the use of our tokens, which are considered outside of PCI scope, you can greatly reduce:

  • The time spent on compliance management
  • The cost of annual audit
  • The possibility of the business falling victim to a breach
  • The size of the PCI questionnaire (from 300 questions to a mere dozen for many businesses)

How it works

  1. Sensitive data is encrypted at the point of interaction, whether a credit card number is swiped, dipped or keyed into a terminal.
  2. Encrypted data is securely escorted to our cloud-based PCI-compliant CardSecure vault, where it is tokenized. This irreversible tokenization solution replaces sensitive information with valueless tokens, which are useless to a criminal hacker should a business’s system or network be breached.
  3. Tokens are then securely returned to the system and can be used across a business’s omnichannel environment for the security of all payment acceptance needs.

About Our Tokens

Compliant with data integrity checks including the Luhn test, CardSecure's tokens are completely unique to each of our customers, applying only to a merchant’s associated accounts and identification numbers.

  • Persistent or One-Time Tokens
    Tokens can be permanently generated to support recurring payments or new tokens can be generated for one-time use every time the card is accepted.
  • Custom + Secured
    Tokens generated are completely unique to each merchant and cannot be used outside of a merchant’s CardPointe instance.

CardSecure tokenizes sensitive information including:

  • Credit card numbers
  • Bank account numbers
  • Social security number
  • Personal information (e.g. driver's license, email address, birth date, etc.)
  • Up to five additional custom data types

Sample Token Format

CardSecure generates 16-digit tokens to replace credit card numbers based on the following formula:

Original Visa card number 4485290846919507 is tokenized to become 9449635287419507

  • A “9” is added to the front of the card number (no card brand issues cards that begin with this number)
  • First two digits of the original card number remain
  • Last four digits of original card number remain

CardSecure + ERP Integration

CardSecure is seamlessly integrated with ERP systems like Oracle and SAP, using our complete suite of REST APIs and our support teams dedicated to guiding businesses from planning to implementation.

CardSecure + CardPointe Integrated Terminal Terminal 

The CardSecure solution for software vendors (ISVs) is integrated with our Point-to-Point Encryption (P2PE) CardPointe Integrated Terminal solution. The cloud-based CardPointe Integrated Terminal solution allows businesses to seamlessly integrate payment acceptance into any existing point of sale system. CardPointe Integrated Terminals protect every transaction with a combination of P2PE and EMV technology.

See the CardPointe Integrated Terminal API and CardPointe Integrated Terminal Developer Guides for more information on integrating the CardPointe Integrated Terminal solution with your application.

CardSecure + Hosted iFrame Tokenizer

For online shops looking to remove their e-commerce platforms from the scope of PCI Data Security Standard controls and audits, our Hosted iFrame Tokenizer is used to securely process card-not-present transactions as it tokenizes data input by customers making a purchase on a website or mobile app’s payment page. 

See the Hosted iFrame Tokenizer Developer Guide for more information on integrating the Hosted iFrame Tokenizer with your website or application.

CardSecure + Direct Integration

We recognize that your business might have needs beyond our standard integrations. In these cases, we are pleased to assist customers (and their existing providers) who wish to use other terminal applications and integrate with our hosted services. In this case, we can provide terminals injected with our encryption and payment keys but utilize terminal applications from other providers. This scenario is consistent with our PCI DSS and potentially with our P2PE validation if the terminal application is a validated P2PE component. 

See the CardSecure API and CardSecure Developer Guide for more information on integrating your application directly to CardSecure.