New service provides web merchants with fast, easy and cost effective PCI-DSS compliance.
Tenzing Managed IT Services (Tenzing), a provider of hosting solutions for Software-as-a-Service (SaaS) providers and Ecommerce systems integrators, yesterday announced the launch of PCI Assure, a new service that simplifies Payment Card Industry - Data Security Standard (PCI-DSS) compliance for e-commerce vendors. Its PCI Assure enables online merchants to capture customer credit card information from any website page while greatly shortening the PCI-DSS compliance process to a few easy steps. PCI Assure has already been integrated into major payment gateways, including Paypal Payflow Pro, Authorize.net, iPay and others.
The company mentions that PCI-DSS is a security standard for organizations that handle cardholder information for major debit, credit, prepaid, ATM and Point of Sale cards. The standard was defined by the Payment Card Industry Security Standards Council and created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is done annually by an external Qualified Security Assessor (QSA) for organizations handling large volumes of transactions or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
It articulates that the heart of the PCI Assure system is a unique tokenization solution. The 'data vault' allows the company to securely store credit card information. When credit card information is put into the data vault, a token is created to represent the real credit card. The token is then used by the merchant and can be stored freely on any computer system. The token can never be decrypted outside of PCI Assure so even if it ends up in the wrong hands, the number cannot be used to breach real credit card data.
According to the company, PCI Assure uses IFRAME technology that can be easily embedded into any web application. The PCI Assure IFRAME only captures credit card and card verification value or code (CVV) fields, leaving the remainder of the fields on the merchant's website. Its IFRAME is secure and 100 per cent Level 1 PCI compliant. Since a merchant's website never sees customer credit card information, their compliance process can be reduced to completing a simplified SAQ Type A.
It avers that PCI Assure was also designed for complete customization. Merchants just drop in the IFRAME and provide the company with a Cascading Style Sheet (CSS). It matches the credit card fields to the merchant's design template, increasing transparency and raising their customer's comfort level to complete their transactions successfully.
"With highly publicized data breaches on the rise, companies need to take a closer look at credit card security and PCI-DSS compliance," said Brian Shepard, Founder and CEO of Tenzing. "Whether a retailer is new to e-commerce or simply concerned about their current PCI-DSS compliance status, handling this in-house exposes their organization to significant risk, and requires extensive time and human resources to manage."
"PCI Assure allows for total flexibility at checkout," added Shepard. "Merchants know that the checkout process is where the biggest potential losses in conversion can occur, especially if users are redirected to other hosted payment page solutions. With PCI Assure, merchants benefit from fewer abandoned carts."