The home improvement chain also said the malware responsible for the breach has been removed from all stores.
The e-retailer says the move reinforced security and aided repeat customers.
Online home furnishings retailer CSN Stores LLC added tokenization, a technology that changes consumers’ payment card information into randomized codes, to its payment security strategy last year and continues to integrate tokens into its business systems. The company, No. 61 on Internet Retailer’s Top 500 Guide, says its prime motivation for adopting tokenization is that it gives the company another layer of payment security.
“Security is on everyone’s mind in terms of fraud and how safe stored credit card information is,” says CSN Stores chief financial officer Nicholas Malone. Malone says CSN Stores began to consider developing its own tokenization program in-house a few years ago, but ultimately decided to go with a tokenization service introduced by its existing payment processor Litle & Co.
Malone says CSN used to keep access to its credit card data in-house from the point consumers submitted it during the ordering process to when the orders shipped; then the data were deleted.
But since the retailer implemented tokenization in June 2009, CSN’s servers don’t receive a real credit card number. Instead, when a customer submits card data, Litle & Co. receives the payment information, stores and processes the payment card information and creates a token assigned to that card. Litle & Co. then sends only the token to CSN Stores, effectively substituting payment card information with a code that is valueless should CSN’s systems be compromised.
Malone says getting the sensitive payment card information off CSN’s storage systems was important.
“With everything that has happened with company’s losing credit card data, there’s a big risk. Using tokenization makes me feel better and it makes our team feel better that we have it,” he says. It also makes CSN Stores’ insurance company more comfortable because not storing payment card data mitigates the e-retailer’s risk, he says.
Having implementing tokens in 2009, this summer the company started applying tokens in a way that offers added convenience to consumers. Previously, CSN did not permit customers to save their payment card data with the e-retailer because it didn’t want the responsibility of keeping that data secure. As a result, customers had to re-enter their payment card data each time they ordered. Now, customers can store their information and CSN keeps the token, which can be reused for every order, which saves the consumer time, Malone says.