A brand new way of paying online has been unveiled by US technology company Akamai.
Its Edge Tokenization service means that merchants no longer need to touch customers’ credit card details at any point during the course of a transaction. Edge Tokenization is being released later this month in both the UK and the US.
The solution stems from tokenisation, which converts credit card data into an anonymous token, reducing the risk to customer data on merchants' systems. However Akamai’s Edge Tokenization takes that technology a step forward by converting the data to a token before it comes in contact with the retailer’s IT systems. That means retailers no longer need to come in any contact with customers’ credit card details – eliminating the risk that they may lose data, and the work of keeping that data secure.
Rather than being kept on their systems, customers’ true credit card details, along with the anonymous token, are instead stored in a secure data vault that is managed by Akamai.
Retailers who use the service can still allow customers to pay on the same site on repeated occasions using one-click purchasing or by choosing from previously-used credit card details. But retailers still don’t come into contact with the full credit card number, since only the last four digits of the credit card number are available to them in an untokenised form.
That reduces the information and data that retailers need to supply to auditors checking they comply with the Visa and Mastercard payment regulations.
The payments processing side of the service is delivered by Akamai’s partner, Visa-owned Cybersource, which says that the conversion of credit card data to a token reduces the risk to retailers if information is stolen or if their systems don’t comply with the Payment Card Industry Data Security Standard (PCI DSS) set by Visa and Mastercard, whose deadline for compliance expired on September 30. The cost of a compliance audit alone can come to six figures, according to Michael Suby, vice-president of research at Stratecast, a division of Frost & Sullivan. That doesn't include the cost of the technology and data security required in order to become compliant.
“We’ve always maintained merchants shouldn’t seek to secure payment data, but instead eliminate contact with it,” said Michael Walsh, president and chief executive officer of CyberSource. “Akamai’s Edge Tokenization automatically combines the concept of hosted payment acceptance and payment tokenization with cloud-based web infrastructure, making it easy for online merchants to meet compliance requirements with less cost, complexity and time.”
Tom Leighton, chief scientist and co-founder of Akamai, said: “Meeting stringent PCI compliance standards often takes repeated efforts, significant investment and regular maintenance, translating into high costs and significant IT resources. We developed Edge Tokenization as a cost-efficient solution for Web retailers to complete transactions in the cloud securely and at scale, without sacrificing performance.”
More information is available here.