DataDivider has been a Level 1 Payment Card Industry (PCI) Data Security Standard (DSS) Service Provider since 2010. Over this time it has enriched its offering to address all aspects of a business’s PCI DSS requirements for all Cardholder Not Present (CNP) transactions. This includes ecommerce, contact centre, back office, reception desk and CNP store transactions. In all situations DataDivider is able to reduce the scope and cost of helping a merchant achieve and maintain PCI DSS compliance.
DataDivider helps organization reduce or eliminate their Cardholder Data Environment (CDE) footprint by minimising their exposure to cardholder data. This is achieved initially when capturing cardholder data within its iFrame services for ecommerce and through either its Data Capture Cloaking or DTMF Tone Muting solutions for telephone based transactions. Once having captured cardholder data with the minimum exposure to the merchant DataDivider can devalue this data through Payment Service Provider (PSP) or independent tokenization services. By replacing cardholder data with tokens before exposure to a merchant’s applications this can remove these applications from PCI DSS scope. Where merchants do not have wish to or do not have the ability to change legacy or packaged applications they can use DataDivider’s Interceptor to inject tokens into these applications. By having DataDivider’s Secure Cloud act as a proxy for their PSP merchants can simply de-scope their applications from PCI DSS by directing their payment transactions via DataDivider. Interceptor within a PCI environment has helped many merchants de-scope their outsourced cloud based applications ensuring that the cloud application is not exposed to cardholder data within the tokenization process.
DataDivider’s Virtual Keypad within its Data Capture Cloaking solution has proven to be one of the most cost effective techniques for merchants to de-scope their desktops, devices, data networks and backend applications. The simplicity of the solution, ease of integration and the ability to maintain the current business work flow has helped organizations to meet tight audit deadlines. Where organizations are additionally looking to de-scope their telephony infrastructure DataDivider’s DTMF Tone Muting solution is available to achieve just this.
Some merchants find themselves in a difficult scenario where their application package vendor does not offer tokenization services in their current release of the package or within the package at all. To avoid the potential cost of upgrade or where tokenization services are not available DataDivider’s Interceptor solution can de-scope the package whether it is cloud hosted or on premise. Utilising the same techniques of Interceptor described above through DataDivider’s iFrame, Data Capturing Cloaking or DTMF Tone Muting solutions DataDivider can capture cardholder data with zero exposure to the application and inject a format preserved token into the application. The injected token can meet all the edit rules of the application including identification of card type or issuing bank and passing a luhn algorithm for card validation. To the application the token is handled as cardholder data. At the back end DataDivider acts as a proxy for the PSP and as described above performs detokenization of the API payload within the DataDivider Secure Cloud before passing on to the PSP.