Payment cards such as credit cards and debit cards allow the owner to make electronic payments on the Web or IVR. It is necessary to keep this card information secure to prevent fraudulent transactions. From an IT point of view, it is challenging to make merchant networks and information storage locations secure and maintain that security. Many incidents of credit card numbers being stolen have occurred.
In 2006, the major players in the Payment Card Industry (PCI) formed the PCI Security Standards Council. Payment cards such as credit cards and debit cards allow the owner to make electronic payments on the Web or IVR, and it is necessary to keep this card information secure to prevent fraudulent transactions. The Council works with merchants, banks, vendors, and developers to create and evolve standards for insuring cardholder data is used and stored safely.
Tokenization of cardholder information is a recent implementation to combat fraud. Instead of merchants storing credit card numbers, a token representing the credit card number is generated by the merchant’s Payment Gateway. This token is saved by the merchant, and can only be used by the merchant for future transactions. The Payment Gateway site itself is designed to be secure. Credit card numbers and their matching token can be safely stored there on the merchant’s behalf.
The Council also prohibits storing for example the CVV code. This is an additional 3- or 4-digit code printed on the card. Even if saved cardholder data is compromised, since the CVV code is not stored, fraudulent transactions can be prevented.
Primal’s PCI Compliance
For more than a decade the Primal Technologies’ system has allowed Wireless subscribers to safely and securely use Payment cards. Subscribers can use Primal Technologies self-serve web page to top-up their prepaid account. Credit Card information is inputted on a secure link and transmitted to the payment gateway. The subscriber also has the option to save credit card information for future use. In this case, the payment gateway can generate a token which Primal will save. In similar methods, the subscriber can enter credit card information via an IVR, or Customer Service can use Primal Skynet to safely enter the subscriber’s credit card information. To further reduce fraudulent transactions, the Payment gateway may request street address or zip code. This data can also be entered using the methods above. Primal remains committed to working with the Payment Card Industry Security Standards Council to keep cardholder data safe, including a 2017 initiative to upgrade to TLS 2.1 for secure communications.