Web hosting company Tenzing Managed IT Services announced on Wednesday it has launched PCI Assure, a new service that simplifies Payment Card Industry – Data Security Standard compliance for e-commerce vendors.
The new service is a great value-add for hosting companies to offer their clients, as it gives end users more confidence that their credit card information will be secure.
With Tenzing’s PCI Assure, online merchants can capture customer credit card information from any website page while greatly shortening the PCI-DSS Compliance process to a few easy steps.
Definied by the Payment Card Industry Security Standards Council, PCI-DSS is a security standard for organizations that handle cardholder information to increase controls around cardholder data to reduce credit card fraud.
Validation of compliance is done annually by an external Qualified Security Assessor for organizations handling large volumes of transactions or by Self-Assessment Questionnaire for companies handling smaller volumes.
The PCI Assure system uses a tokenization solution where merchants are able to securely store credit card information into its data vault.
The technology creates a token to represent the real credit card, which the merchant can store freely on any computer system. The token can never be decrypted outside of PCI Assure so even if it ends up in the wrong hands, the number cannot be used to breach real credit card data.
The validity of PCI DSS was recently questioned when the PCI DSS-compliant Global Payments experienced a breach that affected about 1.5 million card numbers in North America.
“With highly publicized data breaches on the rise, companies need to take a closer look at credit card security and PCI-DSS compliance,” said Brian Shepard, founder and CEO of Tenzing. “Whether a retailer is new to e-commerce or simply concerned about their current PCI-DSS compliance status, handling this in-house exposes their organization to significant risk, and requires extensive time and human resources to manage.”
Tenzing’s PCI Assure uses IFRAME technology that can be embedded into any application, capturing credit card and card verification value or code fields and leaving the remainder of the fields on the merchant’s website.
Since a merchant’s website never sees customer credit card information, their compliance process can be reduced to completing a simplified SAQ Type A.
PCI Assure has already been integrated into major payment gateways, including Paypal Payflow Pro, Authorize.net, iPay and others. The service is designed for complete customization, so merchants can drop in the Tenzing IFRAME and provide Tenzing with a Cascading Style Sheet.
Tenzing matches the credit card fields to the merchant’s design template, increasing transparency and raising their customer’s comfort level to complete their transactions successfully.
On April 26 at 2 p.m., Tenzing is hosting a special event titled “E-commerce PCI Compliance Made Easy” where it will discuss the PCI Assure service.
Talk Back: Are you offering PCI compliance services? Do you think that a Java PaaS solution such as as Jelastic’s would benefit your own customers? Let us know in the comments.