-
Sensitive data is encrypted at the point of interaction, whether a credit card number is swiped, dipped or keyed into a terminal.
-
Encrypted data is securely escorted to our cloud-based PCI-compliant CardSecure vault, where it is tokenized. This irreversible tokenization solution replaces sensitive information with valueless tokens, which are useless to a criminal hacker should a business’s system or network be breached.
-
Tokens are then securely returned to the system and can be used across a business’s omnichannel environment for the security of all payment acceptance needs.
Overview
CardSecure combines powerful PCI-validated point-to-point encryption (P2PE) and patented tokenization for powerful payment data protection.
Through the use of our tokens, which are considered outside of PCI scope, you can greatly reduce:
- The time spent on compliance management
- The cost of annual audit
- The possibility of the business falling victim to a breach
- The size of the PCI questionnaire (from 300 questions to a mere dozen for many businesses)
How it works
About Our Tokens
Compliant with data integrity checks including the Luhn test, CardSecure's tokens are completely unique to each of our customers, applying only to a merchant’s associated accounts and identification numbers.
- Persistent or One-Time Tokens
Tokens can be permanently generated to support recurring payments or new tokens can be generated for one-time use every time the card is accepted. - Custom + Secured
Tokens generated are completely unique to each merchant and cannot be used outside of a merchant’s CardPointe instance.
CardSecure tokenizes sensitive information including:
- Credit card numbers
- Bank account numbers
- Social security number
- Personal information (e.g. driver's license, email address, birth date, etc.)
- Up to five additional custom data types
Sample Token Format
CardSecure generates 16-digit tokens to replace credit card numbers based on the following formula:
Original Visa test card account number 44**********9507 is tokenized to become 9449635287419507
- A “9” is added to the front of the card number (no card brand issues cards that begin with this number)
- First two digits of the original card number remain
- Last four digits of original card number remain
CardSecure + Hosted iFrame Tokenizer
For online shops looking to remove their e-commerce platforms from the scope of PCI Data Security Standard controls and audits, our Hosted iFrame Tokenizer is used to securely process card-not-present transactions as it tokenizes data input by customers making a purchase on a website or mobile app’s payment page.
See the Hosted iFrame Tokenizer Developer Guide for more information on integrating the Hosted iFrame Tokenizer with your website or application.
CardSecure + Direct Integration
We recognize that your business might have needs beyond our standard integrations. In these cases, we are pleased to assist customers (and their existing providers) who wish to use other terminal applications and integrate with our hosted services. In this case, we can provide terminals injected with our encryption and payment keys but utilize terminal applications from other providers. This scenario is consistent with our PCI DSS and potentially with our P2PE validation if the terminal application is a validated P2PE component.
See the CardSecure API and CardSecure Developer Guide for more information on integrating your application directly to CardSecure.