Overview

CardSecure combines CardConnect’s powerful PCI-validated point-to-point encryption (P2PE) and patented tokenization for powerful payment data protection. 

Through the use of our tokens, which are considered outside of PCI scope, you can greatly reduce: 

  • The time spent on compliance management
  • The cost of annual audit
  • The possibility of the business falling victim to a breach 
  • The size of the PCI questionnaire (from 300 questions to a mere dozen for many businesses)

How it works

  1. Sensitive data is encrypted at the point of interaction, whether a credit card number is swiped, dipped or keyed into a terminal. 
  2. Encrypted data is securely escorted to our cloud-based  PCI-compliant CardSecure vault, where it is tokenized. This irreversible tokenization solution replaces sensitive information with valueless tokens, which are useless to a criminal hacker should a business’s system or network be breached. 
  3. Tokens are then securely returned to the system and can be used across a business’s omnichannel environment for the security of all payment acceptance needs. 

About Our Tokens

Compliant with data integrity checks including the Luhn test, CardConnect’s tokens are completely unique to each of our customers, applying only to a merchant’s associated accounts and identification numbers. 

  • Persistent or One-Time Tokens
    Tokens can be permanently generated to support recurring payments or new tokens can be generated for one-time use every time the card is accepted.
  • Custom + Secured
    Tokens generated are completely unique to each merchant and cannot be used outside of a merchant’s CardConnect instance.

CardSecure tokenizes sensitive information including: 

  • Credit card numbers
  • Bank account numbers
  • Social security number
  • Personal information (e.g. driver's license, email address, birth date, etc.)
  • Up to five additional custom data types

Sample Token Format

CardConnect generates 16-digit tokens to replace credit card numbers based on the below formula: 

Original Visa card number 4485290846919507 is tokenized to become 9449635287419507

  • A “9” is added to the front of the card number (no card brand issues cards that begin with this number)
  • First two digits of the original card number remain
  • Last four digits of original card number remain

CardSecure + ERP Integration

CardSecure is seamlessly integrated with ERP systems like Oracle, SAP and Infor using our complete suite of REST APIs and our support teams dedicated to guiding businesses from planning to implementation.

CardSecure + Bolt P2PE

The CardSecure solution for software vendors (ISVs) is integrated with our Bolt P2PE solution. Bolt P2PE is CardConnect’s cloud-based solution that allows businesses to seamlessly integrate payment acceptance into any existing systems. The solution also includes Bolt P2PE terminals which protect every transaction with a combination of P2PE and EMV technology.

CardSecure + Hosted iFrame Tokenizer

For online shops looking to remove their e-commerce platforms from the scope of PCI Data Security Standard controls and audits, CardConnect’s Hosted iFrame Tokenizer is used to securely process card-not-present transactions as it tokenizes data input by customers making a purchase on a website or mobile app’s payment page. 

CardSecure + Direct Integration

CardConnect recognizes businesses may have needs beyond our standard integrations. In these cases, we are pleased to assist customers (and their existing providers) who wish to use other terminal applications and integrate with our hosted services. In this case, CardConnect can provide terminals injected with CardConnect keys but utilize terminal applications from other providers. This scenario is consistent with our PCI DSS and potentially with our P2PE validation if the terminal application is a validated P2PE component. 

Related Content