Reducing PCI Compliance Scope: Take The Data Out
As your customers shop across channels - and they and your employees use mobile devices - managing payment security is becoming more complex, and likely more costly. Acromobile streamlines payment security management by eliminating contact with toxic payment account data.
Eliminate Toxic data contact during acceptance
✔Secure Acceptance technologies remove toxic payment account data from your systems at every point of interaction.
✔Secure Acceptance - Web/Mobile captures and transmits payment data straight from your customer to CyberSource, while still preserving your branding.
Eliminate Toxic Data Storage
✔Payment Tokenization stores sensitive payment data in Cybersource managed data centers, eliminating the need to store payment data in your environment.
✔Format-preserving tokens that cannot be reverse-engineered allow you to process payments, manage chargebacks and handle support queries safely.
Reduced Security Investments
✔CyberSource solutions reduce your PCI DSS scope as payment data is not captured and stored in your environment.
✔Centralized tokenization eliminates investment in encryption SW/HW across multiple channels.
Level 1 compliance with PCI DSS v3.1
✔Both Card Present (Retail) and Card Not Present (CNP) processing backed by Tokenization and Encrypted Fields.
✔In order to benefit from Salesforce’s PCI AoC, Acormobile uses "Platform Encryption" for supported fields types.
Simply, tokenization is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. By using tokenization, you can completely move your customer’s credit card information out of the environment. You no longer need manage the storage, maintenance, or processing of that data; Acromobile takes care of that for you.
In your environment, tokens take the place of sensitive credit card data. Typically, the token will retain the last four digits of the card as a means of accurately matching the token to the credit card owner. The remaining numbers are generated using proprietary tokenization algorithms.
Benefits of Tokenization
|Reduces PCI-DSS scope||Format fits legacy credit card data fields|
|Renders credit card data meaningless to hackers||Account Updater automatically updates payment data for fewer failures|
|Provides end-to-end security||Works with existing systems or processor|
|Not mathematically reversible|
Tokenization vs. End-to-end Encryption
Tokenization and end-to-end encryption (E2EE) are often positioned as an either/or solution, but this is not the case. While each technology has its place in payment security, tokenization is emerging as the primary solution for organizations seeking to mitigate the potential impact of a security breach as well as reduce their PCI scope and related costs.
|PAN Data Displayed||X||✓|
|Reduces PCI Scope||✓||X|
|Rotation of Keys Required||X||✓|
|End to End Security||✓||X|
|Low-cost per transaction||✓||X|
|Format fits legacy credit card fields||✓||X|
and a lot more security features ...
Field History Tracking
Record Modification Fields
Transport Layer Security (TLS) technology
Encrypt Fields and Files
CVV and AVS Support