Paymetric’s Data Intercept Solutions keep sensitive cardholder data from entering merchants’ payment processing systems, dramatically reducing the cost and effort required for merchants to become fully compliant and secure.
The Problem
Any merchant that handles, processes or stores sensitive cardholder data is required to comply with the Payment Card Industry Data Security Standards (PCI DSS). Achieving compliance with the 12 PCI DSS requirements has proven to be onerous and costly for most merchants. And with data breaches continuing to increase, and the cost of such incidents rising, merchants who store cardholder data on-site are particularly vulnerable, even if that data is protected with encryption. That is why it is becoming increasingly popular for merchants to seek out ways to eliminate their liability to protect stored cardholder data and reduce or even eliminate PCI audit scope.
The average cost of a data breach grew to $214 per customer record in 2010.
The Answer
Data Intercept Solutions for XiSecure™ On-Demand is a technology developed on a simple premise – capture the card number as early in the workflow as possible. The solution ensures that cardholder data never enters enterprise payment acceptance systems – SAP®, ERP, CRM, legacy applications and web stores. Merchants no longer store cardholder data on-site, but instead store tokens, eliminating the liability to protect that sensitive information and the associated cost of doing so.
How does it work? Sensitive information is intercepted and tokenized at the time of entry. This secure token is then provided to the merchant for use in authorization and settlement. A “token” is a surrogate value that represents the real number, but is useless to thieves and can be used just like the real card number to support ongoing customer interactions like recurring payments. Raw data never enters the merchant system. Data Intercept Solutions offer the ultimate breach protection, and by eliminating transmission and storage of sensitive cardholder data, merchants can drastically reduce the scope of their PCI audit.
If properly architected, Paymetric’s Data Intercept Solutions may help merchants reduce PCI audit requirements from 205 to as low as 14, allowing significant savings.[2]
Features
- Prevents sensitive cardholder data from entering merchants’ enterprise payment acceptance systems
- Substitutes credit card numbers with “tokens,” rendering the data useless to thieves
- Provides logging information for PCI audit purposes
Benefits
- Easily distributable across an environment with multiple work stations
- Eliminates fees, fines and legal costs associated with a data breach
- Reduces scope and cost of achieving and maintaining PCI compliance
- May[2] qualify merchants for Self-Assessment Questionnaire A (SAQ-A), reducing the number of compliance requirements from 205 to 14.
Solution Options
Data Intercept for eCommerce
When a cardholder enters sensitive information through a merchant’s Web store, the raw data is transparently intercepted from the cardholder’s browser window. A token is generated and routed to the merchant’s server for authorization and settlement. The process completes in seconds, entirely transparent to the cardholder. The merchant never transmits, processes or stores the raw data, but instead only stores the token.
How it works: Data Intercept for eCommerce Diagram
Data Intercept for SAP®
A secure web page is invoked at each point where a user would enter a value into the SAP card number field. The card number is tokenized and the token is returned to SAP and automatically populates the original payment card field to be used for authorization. The user experience is seamless, normal workflow can be resumed and day-to-day business activities can be completed using the secure tokens. Because the real number was intercepted, it never enters the SAP system, placing it in a position to be removed from PCI scope.
How it works: Data Intercept for SAP®
Data Intercept Standalone
When taking a payment, a merchant accesses the Data Intercept Solution via a web browser that instantly generates a token for the cardholder’s data. This token flows through the enterprise payment acceptance system for authorization and settlement. The merchant never transmits, processes or stores the raw data, but instead stores only the token.
How it works: Data Intercept Standalone
[1] 2009 Annual Study: Cost of a Data Breach, Ponemon Institute
[2] Consult your acquirer or QSA to confirm whether Paymetric’s Data Intercept Solutions will qualify you for PCI SAQ-A.