Keeping Customer Payment Data Safe From Breaches

Many software systems and e-commerce shopping carts give their users the option of storing customers’ credit card numbers for future use. This lets a business charge an existing customer’s card without requesting the card information again for every purchase. Storing credit card data on a merchant’s system, however, introduces tremendous risks: a breach of the merchant’s system can expose credit card data, and the merchant may be liable for the damages that ensue. Additionally, storing credit card information requires a very stringent level of PCI compliance, which can be both a hassle and costly for the merchant. Tokenization solves all of these problems.

Here is how it works: A token is a random string of characters that represents credit card data to Fidelity but means nothing to anyone else. Every time a transaction that is set up with tokenization is sent to Fidelity for processing, Fidelity stores that card on our secure and PCI-compliant systems, then creates a token and returns it with the transaction response. That token is connected only to the account that submitted the transaction and cannot be used by anyone else. The software system stores that token in its database instead of sensitive credit card data, and when it wants to run a transaction on that card, it sends the token to Fidelity in place of the actual credit card information. Fidelity then processes the transaction on the card that token represents. In the case of a breach of the merchant’s database, all a hacker would find would be random strings of data.
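
The flow described above, as an added example (not Fidelity's code or API): a minimal in-memory model in which `TokenVault` stands in for the processor and `MerchantSystem` for the merchant's software. All class, method and account names are hypothetical, and the card number is a constructed test value.

```python
import secrets

class TokenVault:
    """Stand-in for the processor: the only place card numbers are kept."""
    def __init__(self):
        self._cards = {}  # token -> (owning account id, card number)

    def process_sale(self, account_id, card_number, amount_cents):
        # First transaction: store the card, return a token with the response.
        token = secrets.token_urlsafe(24)  # random, not derived from the card
        self._cards[token] = (account_id, card_number)
        return {"approved": True, "amount_cents": amount_cents, "token": token}

    def process_token_sale(self, account_id, token, amount_cents):
        # Repeat transaction: the token is sent in place of card data.
        entry = self._cards.get(token)
        # A token is honoured only for the account that created it.
        if entry is None or entry[0] != account_id:
            return {"approved": False, "reason": "unknown token for this account"}
        return {"approved": True, "amount_cents": amount_cents,
                "card_last4": entry[1][-4:]}

class MerchantSystem:
    """Merchant side: its database holds tokens, never card numbers."""
    def __init__(self, account_id, vault):
        self.account_id = account_id
        self.vault = vault
        self.db = {}  # customer id -> token

    def first_purchase(self, customer_id, card_number, amount_cents):
        resp = self.vault.process_sale(self.account_id, card_number, amount_cents)
        self.db[customer_id] = resp["token"]  # card_number is not persisted
        return resp

    def repeat_purchase(self, customer_id, amount_cents):
        return self.vault.process_token_sale(
            self.account_id, self.db[customer_id], amount_cents)

def demo():
    vault = TokenVault()
    shop = MerchantSystem("merchant-A", vault)
    test_pan = "4111111111111111"  # constructed: a standard test card number
    shop.first_purchase("cust-1", test_pan, 2500)
    repeat = shop.repeat_purchase("cust-1", 1200)
    stolen = dict(shop.db)  # what a breach of the merchant database yields
    # The same token presented under a different account is refused.
    replay = vault.process_token_sale("merchant-B", stolen["cust-1"], 9900)
    return test_pan, stolen, repeat, replay
```

`demo()` returns the contents of the merchant database after a purchase, the result of a repeat charge by the owning account, and the result of presenting the same token under another account.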

Tokenization represents security and compliance while maintaining business efficiency and processes. If you currently store live credit cards in any of your systems, contact us today to get set up with tokenization.