A new web-hosted Tokenization technology from Shift4 Corp. is designed to let online retailers re-use customers’ credit card data under new security rules imposed by credit card companies, Shift4 says.
A new web-hosted Tokenization technology from Shift4 Corp. is designed to let online retailers re-use customers’ credit card data under new security rules imposed by credit card companies, the company says.
New security rules from Visa and MasterCard, the Payment Card Industry Data Security Standards, or PCI DSS, call on e-retailers not to store unencrypted credit card data after a customer’s account has been authorized to make a purchase. Retailers are expected to have data centers that can’t be hacked by intruders looking to steal consumers’ credit card data.
Shift4’s Tokenization technology is designed to provide that security of data storage through a web-hosted application, says Brett Williams, product manager for Shift4’s Dollars on the Net ($$$ on the Net) payment system, which serves as a gateway to credit card processors. Shift4 announced the Tokenization feature at last week’s Transaction Security Summit in Las Vegas.
“We make it easier to comply with PCI DSS by taking it out of the merchant’s hands,” Williams says. The Tokenization feature uses a virtual private network connect over the Internet to capture, encrypt and store credit card data in Shift4’s secured, PCI-certified database after each authorization. It then sends back to the merchant an encrypted token or partial account number, which is tied to the full encrypted account number in Shift4’s database. When a merchant needs to re-use a customer’s credit card account information – such as to adjust shipping fees or process recurring or incremental purchases without making the consumer re-enter account data – the transaction sends the token back to Shift4, which connects it to the full account information for forwarding to a credit card processor.
Williams says it would be impossible for criminals to steal the token from the merchant and translate it into usable credit card account information, leaving the entire liability for account data security with the Shift4 Dollars on the Net system.
The Tokenization feature is intended for small to mid-size retailers. Cost is based on transaction volume and ranges from about $25 to several hundred dollars per month, Williams says.