Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

PCI COMPLIANCE: SAVE MONEY BY DE-SCOPING WITH TOKENISATION

Rob-Crutchington

By Rob Crutchington – Director at Encoded www.encoded.co.uk

Tokenisation is a process of replacing sensitive card data with a sequence of numbers that, when used within a specific payment gateway, reference back to the card data without compromising its security.  This is particularly useful for organisations that take repeat or subscription payments for example membership fees.  This functionality is similar to having a Direct Debit in place, but instead utilises all the flexibility and benefits of a card payment scheme. Once the initial transaction is verified the card becomes trusted and any subsequent payments will not require details to be taken again until the original card expires.

Another benefit of Tokenisation is that if the payment fails for any reason neither the merchant nor the card holder are penalised,

Rob Crutchington

Rob Crutchington

unlike with direct debits.  Offering customers a new method of making regular payments adds value as well as raises an organisation’s customer service profile.  There is also a reduced risk of declined payments with tokenised cards, because a successful payment must be made prior to Tokenisation.

Using Tokenisation the whole payment process is faster, easier and more secure for regular customers while saving on time and resource for merchant organisations.

But how does this help with PCI compliance and save money?

To be PCI DSS* compliant organisations cannot retain customers’ card details; however, by working with a PCI compliant payments provider with a Tokenisation solution, merchant organisations can reduce the scope of the cardholder data environment (or de-scope).  De-scoping is the process to reduce the number of requirements for PCI compliance.  To become PCI compliant there are 12 requirements, consisting of 258 controls, designed to standardise controls surrounding card holder data and to protect consumers and merchants (organisations) against security breaches.  The payments provider handles the tokens taking responsibility for cardholder data security.  Therefore it is important to work with a Level 1 PCI DSS compliant payment service provider.

By implementing Tokenisation (also known as recurring or stored card payments) organisations can vastly reduce the scope of PCI compliance and increase data security.  Tokens can only be used by the PCI compliant service provider’s payment gateway and if they are stolen or written down the token is completely useless to anyone outside of the payment environment.

The process of Tokenisation means that payment card numbers are not stored in databases making it difficult for hackers and reducing the chances of cyber theft.  Furthermore if multiple payment methods such as agent assisted card payments, website and automated interactive voice response (IVR) solutions are configured to offer tokens, from a shared token pool, then the collection of card information in the contact centre can be removed completely allowing for only tokenised transactions to be taken by live agents.

Therefore, Tokenisation increases security of card holder details while minimising the cost and complexity of PCI compliance.  However, not all payment solutions can handle tokens and to get the full benefit of the process it is important that tokens are compatible across all payment methods including IVR, virtual terminal, agent assisted and web payments.

While an organisation’s responsibility for PCI compliance cannot be entirely removed, as the merchant account agreement is between the merchant organisation and its bank or acquirer, Tokenisation is a great way to de-scope for compliance purposes while improving the security of cardholder data and customer experience.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post