Five Reasons to Keep Your Order Processing Credit Card Numbers In-House

To help protect consumers’ sensitive data, including credit card numbers, the Payment Card Industry Security Standards Council (PCI SSC) has been ratcheting up compliance regulations.

Regulations state that all credit card data must be protected. Complex and costly, these regulations have become a real burden to small and mid-sized businesses.

To help businesses minimize the amount of data kept on hand, and thus minimize the burden of meeting regulations, a new data security technology was developed. “Tokenization” replaces a piece of sensitive data with a value that isn’t sensitive. Card holder data is then stored in a separate database or off-site in a secure facility.

Merchants cried for help when they were told to implement new security standards, and Card Processors answered this call with offers to take on the secure card storage burden for them.

Tokenization sounds like a cost effective way to solve a complex problem. However, for multi-channel merchants, off-site tokenization may not be the right solution. Why?

1. Lack of flexibility – As a multi-channel merchant, different channels and/or markets may require that you take advantage of offerings from different payment processers. Tokenization prevents you from doing this as you’re locked into one processor.

2. Data is no longer “physical” – Because tokenization is a “software as service” application, once you sign on, you’re locked in, and sometimes getting your data back in one piece can be difficult. And, if your vendor makes a change – or if tokenization technology changes – you’re stuck.

3. Lack of future security – Mergers and acquisitions happen between vendors, requiring you to change to another processor. What happens to your outsourced tokens?

4. Risk still a factor – Credit card numbers that simply “pass through” your website checkout screens still require you to answer the “SAQ-D” questionnaire, even if you don’t “store” the card numbers. Therefore, “SAQ-C” scope can only be achieved by using a processor’s hosted checkout page (similar to a native PayPal checkout call) that sends payment confirmation back to your website on behalf of the customer.

Additionally, tokenization will never solve the call center and retail risks of exposure when credit card numbers are entered or swiped into your system.

5. Can’t easily change processing vendors – With tokenization, you’re locked in to one processing vendor.

If you use a Payment Application Data Security Standard (PA DSS) certified software system such as InOrder, you can rest assured you’re keeping your data safe.

In addition, by keeping your order process credit card numbers in house, you can route your authorizations and captures for preferred card reorders, backorders, standing orders and continuity orders to a different payment processor any time you decide to change your processing vendor to get a better rate.

What’s your take on tokenization? Are you considering it? Why or why not? Leave your comments below.

Share on FacebookShare on LinkedInTweet about this on TwitterShare on Google+Email this to someone

No Comments

Leave a response

1 (888) 667-7332

Contact Us

Literature Downloads


Contact

Corporate Headquarters
Morse Data Corporation
16 Pierce Street
Dover, NH 03820
Toll Free: (888) 667-7332
Phone: (603) 742-2500
Fax: (603) 742-8178
Technical Offices
Morse Data Corporation
9661 W. 143rd St. Suite 200
Orland Park, IL 60462
Toll Free: (800) 860-9515
Phone: (708) 873-0010
Fax: (708) 873-9967

About