March 14, 2013, 2:16 PM

Tokenization helps ShopNBC cut its PCI-compliance costs in half

The retailer now stores codes that can’t be used to make purchases.

Lead Photo

TV and Internet retailer ShopNBC.com last year added tokenization, a technology that changes consumers’ payment card information into randomized codes, to its payment security strategy to make it easier for it to comply with Payment Card Industry Data Security Standards—a set of rules created by payment card networks to protect cardholder data.

The retailer had kept access to encrypted credit card data in-house. And that required a large number of servers that had to be maintained and PCI-compliant, says Joan Radtke, senior director of credit at ShopNBC, No. 91 in the Internet Retailer Top 500 Guide

The retailer wanted to use tokenization to add another layer of payment security, but doing so is a large project that would require a lot of manpower. So the retailer decided to outsource the job to payment processor Litle & Co.

Since the retailer implemented tokenization in last year, ShopNBC’s servers don’t receive a real credit card number. Instead, when a customer enters his card data, Litle & Co. receives the payment information, stores and processes the payment card information and creates a token assigned to that card that it then sends to ShopNBC. The token effectively substitutes payment card information with a code that is valueless if ShopNBC’s systems are compromised.

Radtke says that it was important to move sensitive payment card information off ShopNBC’s storage systems. The move reduced the number of ShopNBC servers that had to be PCI-compliant she says. And it has helped cut its PCI-compliance costs in half.

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Deepak Agarwal / E-Commerce

Back-to-school insights from a Top 100 online retailer

It’s the second-largest online shopping season, and one nomorerack.com CEO pays close attention to. Here ...

FPO

Kevin Sterneckert / E-Commerce

The ghost economy: an $800 billion retail data disconnect

A new twist on a classic holiday story that online retailers will relive in the ...

Advertisement