Websites  »  

Secure Online Ordering Utilizing Tokens

All of our e-commerce sites that take credit cards for payment will use a token system to ensure the highest level of security.

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods which render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers.[1] The tokenization system must be secured and validated using security best practices [2] applicable to sensitive data protection, secure storage, audit, authentication and authorization. The tokenization system provides data processing applications with the authority and interfaces to request tokens, or detokenize back to sensitive data.- Wikipedia

The steps associated with processing an order via the tokenization system follow: 

  • Customer submits an order
  • Customer data is transmitted directly to Authorize.NET and a customer ID and profile is created at Authorize.net, if one doesn’t already exist. The customer ID is associated with the customer record on your website.
  • The TOKEN, or customer payment profile is created at Authorize.NET and stored on the Clarity Connect servers and is associated with the proper customer and order.
  • When ‘Make Payment’ is initiated from the website, the TOKEN is used to validate the sale at Authorize.NET and is compared to the customer and payment profile.
  • Authorize.NET returns a transaction id and approval or declined response.

 

Improved security due to:

  • NO sensitive credit card data will be stored on Clarity Connect servers.  The NON-Sensitive data[1]that will be stored is:
    • Last 4 of the credit card number
    • Card holder name
    • Expiration date
    • Service code . This code indicates where the card is allowed to be used and for what
  • The TOKEN that is stored is associated with the customer and order profile for your site only. If the server is hacked and tokens are accessed, the token will have no value as it cannot be used in any way.

 


[1] Storing this data non-encrypted is PCI compliant

Additional Information