Reducing PCI Compliance Scope: Take The Data Out

As your customers shop across channels - and they and your employees use mobile devices - managing payment security is becoming more complex, and likely more costly. Acromobile streamlines payment security management by eliminating contact with toxic payment account data.


Eliminate Toxic data contact during acceptance

Secure Acceptance technologies remove toxic payment account data from your systems at every point of interaction.

Secure Acceptance - Web/Mobile captures and transmits payment data straight from your customer to CyberSource, while still preserving your branding.

Eliminate Toxic Data Storage

Payment Tokenization stores sensitive payment data in Cybersource managed data centers, eliminating the need to store payment data in your environment.

Format-preserving tokens that cannot be reverse-engineered allow you to process payments, manage chargebacks and handle support queries safely.

Reduced Security Investments

CyberSource solutions reduce your PCI DSS scope as payment data is not captured and stored in your environment.

Centralized tokenization eliminates investment in encryption SW/HW across multiple channels.

Level 1 compliance with PCI DSS v3.1

Both Card Present (Retail) and Card Not Present (CNP) processing backed by Tokenization and Encrypted Fields.

In order to benefit from Salesforce’s PCI AoC, Acormobile uses "Platform Encryption" for supported fields types.

Payment Tokenization

Simply, tokenization is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. By using tokenization, you can completely move your customer’s credit card information out of the environment. You no longer need manage the storage, maintenance, or processing of that data; Acromobile takes care of that for you.

In your environment, tokens take the place of sensitive credit card data. Typically, the token will retain the last four digits of the card as a means of accurately matching the token to the credit card owner. The remaining numbers are generated using proprietary tokenization algorithms.


Benefits of Tokenization

Reduces PCI-DSS scope Format fits legacy credit card data fields
Renders credit card data meaningless to hackers Account Updater automatically updates payment data for fewer failures
Provides end-to-end security Works with existing systems or processor
Not mathematically reversible

Tokenization vs. End-to-end Encryption

Tokenization and end-to-end encryption (E2EE) are often positioned as an either/or solution, but this is not the case. While each technology has its place in payment security, tokenization is emerging as the primary solution for organizations seeking to mitigate the potential impact of a security breach as well as reduce their PCI scope and related costs.

Criteria Tokenization Encryption
PAN Data Displayed X
Mathematically reversible X
Reduces PCI Scope X
Rotation of Keys Required X
End to End Security X
Low-cost per transaction X
Format fits legacy credit card fields X
Centrally Managed X

and a lot more security features ...

 

Audit Trail

Field History Tracking

Record Modification Fields

Platform Encryption

Transport Layer Security (TLS) technology

Encrypt Fields and Files

CVV and AVS Support