March 14, 2013, 2:16 PM

Tokenization helps ShopNBC cut its PCI-compliance costs in half

The retailer now stores codes that can’t be used to make purchases.

Lead Photo

TV and Internet retailer last year added tokenization, a technology that changes consumers’ payment card information into randomized codes, to its payment security strategy to make it easier for it to comply with Payment Card Industry Data Security Standards—a set of rules created by payment card networks to protect cardholder data.

The retailer had kept access to encrypted credit card data in-house. And that required a large number of servers that had to be maintained and PCI-compliant, says Joan Radtke, senior director of credit at ShopNBC, No. 91 in the Internet Retailer Top 500 Guide

The retailer wanted to use tokenization to add another layer of payment security, but doing so is a large project that would require a lot of manpower. So the retailer decided to outsource the job to payment processor Litle & Co.

Since the retailer implemented tokenization in last year, ShopNBC’s servers don’t receive a real credit card number. Instead, when a customer enters his card data, Litle & Co. receives the payment information, stores and processes the payment card information and creates a token assigned to that card that it then sends to ShopNBC. The token effectively substitutes payment card information with a code that is valueless if ShopNBC’s systems are compromised.

Radtke says that it was important to move sensitive payment card information off ShopNBC’s storage systems. The move reduced the number of ShopNBC servers that had to be PCI-compliant she says. And it has helped cut its PCI-compliance costs in half.

comments powered by Disqus




From The IR Blog


Adrien Henni / E-Commerce

E-commerce in Russia reshapes the warehouse industry

An American-led real estate company foresees e-retail driving demand for warehouse space.


Sven Hammar / E-Commerce

How to avoid becoming a victim of your e-commerce success

Understand your infrastructure’s usage and load characteristics to ensure good site performance.