Tokenization is now offered for resale of variable sales amounts. Enter card data one time only via PCI Compliant interface. The system will generate a token for you. To process future transactions, enter the TOKEN instead of card data, which can never be seen again.

The card data is encrypted and is never stored on your servers or computers. The token, which is worthless to others, is your way to submit future billing requests.

Tokenization and PCI DSS (payment card industry data security standards). PCI compliance is streamlined with tokenization and our end-to-end encryption solution.

The average user will submit cardholder data via the virtual terminal RESALE function. A token is automatically generated which you then store offline. To rebill, simply submit the token in lieu of the actual card number.

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT:

- Merchant has customer fax a standard approval form with card data.

- The paper is filed in a locked drawer with limited personnel access. CVV is never stored.

- Merchant retrieves the information and key enters the transaction on a virtual terminal or desktop terminal when they need to rebill the customer.

- Merchant prints receipt and mails or faxes to the client.

TYPICAL REPEAT SALE SET UP FOR RETAIL ENVIRONMENT WITH CENPOS AND CARD IS NOT PRESENT:

- Merchant has customer fax a standard approval form listing the last 4 digits of the card only,  an email field, and with language about opting-in to receiving email from the merchant.

- Merchant gets card data over the phone and directly enters it into the secure virtual terminal using the RESALE button.

- Merchant copies the TOKEN  generated onto the merchant approval form which is then stored, in a locked drawer with limited personnel access.

- Merchant retrieves the token and key enters the transaction details on a virtual terminal or desktop terminal when they need to rebill the customer.

- Merchant uses the automated email function to send the customer a receipt, or prints receipts the old way.

What if the customer is in the store for the first order, but then won’t be there later when you bill more? You’ll swipe the card as usual, using the resale button. The cashier will be prompted for address and other data as if the customer is not present.

The first transaction will process via your retail swipe account. The future card not present transactions will process via your MOTO account, automatically, when you key enter the transaction later. This is a significant competitive product difference from any other solution you may looked at.

1. Merchants will qualify for the best interchange rate for each type of transaction, thereby lowering costs.
2. Merchants will meet the card association requirements for proper presentment to reduce risk of chargebacks from disputes. (Different rules apply about data submitted and signatures on swipe vs moto.)
3. Both transactions will be in a fully PCI Compliant environment, reducing risk of liability from improperly protecting card data.
4. Cashiers are removed from any decision making that can affect your rate qualification in every transaction. The system will automatically prompt for data needed based on transaction parameters.
5. Best of all, no terminal progamming updates! The hosted solution is always current and any terminal connected is simply a slave of the system.

Because they have no meaning by themselves, tokens or aliases are useless to criminals if your customer hard copy files were compromised. Per the PCI DSS standards for your organization, you’ll need to have your workstations scanned that you enter transaction on.

Ideal solution for any B2B companies with corporate customers. Sign up for RSS for more details on this feature. For a demo, call the hotline at the top of this web page.

Related articles: Can you store track data and be PCI Compliant?
Storing CVV codes so you can rebill

TransArmor^SM Solution Piloted by Spectrum of Brick-and-Mortar and Card-Not-Present Retailers; First Commercial Transaction Tokenized on STAR ® Network

RSA CONFERENCE 2010 SAN FRANCISCO, March 1, 2010 First Data Corporation, a global leader in electronic commerce and payment processing, today announced the expansion of a merchant pilot of the First Data^® TransArmor^SM solution. More than 400 U.S. merchants of all sizes will assess the comprehensive data security solution over the next four months. The TransArmor solution (previously called First Data^® Secure Transaction Management^SM) was developed in close partnership with EMC Corporation (NYSE: EMC).

The TransArmor secure payments service is designed with the needs of merchants in mind, and it has the opportunity to fundamentally change the way merchants secure and manage cardholder data. The TransArmor solution addresses the root cause of merchant data security issues by removing payment card data from the merchant environment as part of processing the transaction, significantly reducing risk and the scope of PCI compliance efforts.

Deploys RSA SafeProxy Architecture
The solution leverages the RSA SafeProxy^TM architecture, a powerful combination of asymmetric encryption, tokenization and key management engineered to provide the benefit of end-to-end protection and eliminate on-site cardholder data storage for merchants. Unique features of the token make it possible for merchants to continue to handle key business functions such as returns, recurring billing, loyalty programs and other analysis, without enabling card data to be used for fraudulent transactions.

On Feb. 26, 2010, the TransArmor solution tokenized the very first commercial transaction over the STAR ® Network at the Center of Science & Industry (COSI) in Columbus, Ohio. A First Data company, STAR is one of the nation’s leading electronic funds transfer (EFT) networks with more than two million retail and ATM locations.

As an early participant in the TransArmor pilot, COSI is already experiencing the benefits of the solution. Like most consumers today, several of our customers had concerns about the safety of their credit and debit card data while visiting our center. TransArmor gives us peace of mind that their payment card data is locked in a virtual vault at First Data and nowhere on site at COSI,” said Brad Morgan, senior IT operations manager at COSI.

Works with Existing Merchant Hardware
Unlike some solutions in the marketplace, the TransArmor solution can be implemented without the need for new hardware or back-end IT operations. The solution works with First Data as well as other terminals or point-of-sale systems and can be consistently applied across brick-and-click environments.

The response from merchants interested in participating in this trial has been enormous and a testament to the sought-after service TransArmor delivers said Craig Tieken, vice president of Merchant Product Management at First Data. Up until now, there have been few easy and cost-effective solutions to the growing problem of managing the risks of handling sensitive payment card data. TransArmor represents a fundamental change in how merchants can confidently protect and manage cardholder data.

The consequences of a merchant data compromise in legal, financial, consumer confidence and brand loyalty terms can be overwhelming. According to the 2009 U.S. Cost of a Data Breach Study by the Ponemon Institute, the average cost for merchants coping with a data breach in 2009 rose to $6.7 million with the cost per customer record breached estimated at $204. With the TransArmor solution, customer card information is retained only at the processor and protects merchants from the dangers of malicious attacks designed to steal payment card data in transit or in storage from merchant databases.

Implementing effective data security can’t mean more complexity for businesses, said Brian Fitzgerald, vice president, Marketing, RSA, The Security Division of EMC. TransArmor successfully embeds industry-leading security technology into the payment processing infrastructure to make it available to, and more importantly, usable, by merchants of all sizes. TransArmor is an example of the type of partnerships required from industry leaders that will reduce the reliance on point solutions and enable an industry ecosystem with pervasive built-in security.

Teams from RSA and EMC Consulting worked collaboratively with First Data through product strategy development and technology proof of concept for a successful pilot and product launch.

About First Data
First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries