Overview

CardVault – Tokenization is the Simply Secure Payment Solution

“No Data Stored Means Less Risk.”

Protecting cardholder data is a big responsibility for any business accepting credit cards today. Failure to secure sensitive data exposes you and your company to a multitude of risks: regulatory, reputation, financial penalties and - in some cases - a firm's very existence if a data breach occurs. 3Delta Systems, Inc. (3DSI) is at the forefront of data security and storage solutions, providing data tokenization services since 2003.

Card Data Tokenization Improves Security, PCI DSS Compliance and Reduces Risk and Liability

CardVault® is an innovative card data tokenization and storage service which companies use to remove the risk of storing card information on internal systems while safely and securely processing card payment transactions. By storing cardholder data (Primary Account Number, or PAN) remotely at 3DSI's Payment Card Industry Data Security Standard (PCI DSS) compliant data centers, PCI compliance is improved for the merchant. With CardVault's extended storage record capability (5K bytes per record), HIPAA or other Privacy Act information can also be protected while simultaneously supporting business continuity plans by maintaining a secure copy of tokenized data off-site.

The Tokenization Concept and the PCI DSS

Valuable credit card data is replaced with value-less tokens.

A company or organization submits cardholder data to CardVault in 3DSI's secure payment processing network where it is encrypted and stored, and a token is assigned and returned to the merchant's system. The token, which corresponds to the customer's Primary Account Number (PAN), can be assigned by either the merchant or 3DSI. For example, actual credit card data (2123 3456 5678 6789) is replaced with a value-less token (AEGHV234AUD54367). Format-preserving PAN-emulation is also an option.

Thereafter, the company sends its transactions to 3DSI using that token instead of the actual card number. Using tokens does not change the company's payment processing experience--just like a purchase card or credit card, tokens can be used for sales, refunds, voids and credits. Tokens can be safely transmitted through the merchant's network among various applications, databases and business processes while the encrypted data is securely stored in CardVault's central data vault.

Because they have no meaning by themselves, tokens or aliases are useless to criminals if a company's system is compromised in any way. The premise of exchanging or substituting valuable data with value-less data is central to the tokenization model.

CardVault significantly reduces PCI DSS compliance costs versus holding the data on-premise and promotes streamlined certification. Depending on the specific implementation, PCI compliance can be augmented by CardVault either by providing strong compensating controls or by eliminating card data from the host environment completely.

Users also benefit from 3DSI's "Software-as-a-Service" (SaaS) proprietary electronic payment gateway, which supports every major merchant processing network for Level-3 or line item detail transactions. CardVault supports both real-time and batch processed transactions and can be combined with 3DSI's suite of payment services, EC-Zone, EC-Linx and EC-Batch, conveniently allowing clients to mix and match services cost effectively, depending on their business' needs.

Customers like Denis McNary, VP of Information Technology at U.S. Plastic Corporation, use CardVault to transfer their sensitive credit card and payment transaction data off-site where it is received, encrypted and stored at 3DSI's processing centers.