Traditionally, online retailers have faced a difficult choice in complying with PCI Data Security Standards for e-commerce card payments. They could choose to outsource the protection of cardholder data by utilizing checkout webpages hosted by third-party payment providers. Or they could take on the full risk and cost of complying with PCI requirements themselves and offer their customers a more compelling checkout experience with custom online and mobile webpages.
CardLock, a new offering from PayPoint, claims to eliminate this trade-off:
“CardLock is an invisible token-based solution which has been designed to work alongside PayPoint’s payments API, allowing merchant websites and applications to retain their seamless consumer experience without the need to handle or store sensitive card data.”
“With CardLock, the merchant’s own user experience runs throughout the process, with sensitive card data discretely intercepted and secured by the PayPoint plugin prior to payment submission. This resolves some of the issues faced by merchants fulfilling their PCI DSS obligations, who do not want to move to a full-redirect model for e-commerce transactions and yet wish to significantly reduce the overall number of requirements to meet compliance standards.”
Overview by Alex Johnson, Sr.Analyst, Credit Advisory Service at Mercator Advisory Group
Read the full story here