Hoang Leung on Data Security, November 5, 2020

Secure Your Ecommerce Transactions for Compliance and to Monetize the Value of Your Data

As you consider how to collect payments for your ecommerce business, you will also have to consider which forms of payment to accept. The most widely accepted form of payment for ecommerce is card payment. As a result, you’ll have to determine how to collect card payment information in a PCI-compliant manner.

API-based tokens keep you in PCI scope.

A handful of large merchants will choose to take on the full burden of PCI Level 1 scope, not realizing the amount of time and resources required. The vast majority of ecommerce merchants will look for a third-party solution. Most often, they will select an API-based tokenization solution, falsely believing this keeps them safely out of PCI scope.


With an API-based tokenization solution, however, the merchant is still required to collect the payment card data before it is tokenized. This basic step of accepting payments puts the merchant into PCI scope, resulting in the PCI burden it was trying to avoid.

Payment Service Provider solutions and their trade-offs.

Some Payment Service Providers (PSPs) have addressed this issue by offering an iframe to collect card payment data to keep their merchant customers out of PCI scope. Unfortunately, iframes are fixed and inflexible. This generally leaves you with a look and feel that is very different from your brand, resulting in a user experience that is subpar. When you use an iframe, you also give up ownership of your data (best case scenario, you’ll have limited access).

Poor user experience and lack of data ownership are big tradeoffs for staying out of PCI scope, the latter perhaps the most important. Businesses are starting to realize that payment data is just as important as the payment itself. Mining this data and monetizing its insights can lead to huge revenue boosts thanks to increased customer satisfaction, finding new market opportunities, and more. If you give up data ownership and easy access to your data, you miss out on this critical opportunity.

Keeping you out of PCI scope results in removing the PCI Burden.

With Very Good Security (VGS), you get a comprehensive solution without compromise. VGS is a proxy-based solution that completely shields your network from touching any payment or sensitive data it collects. This means your enterprise is removed from PCI scope. All this can be achieved in a few weeks, with no new code.


Since you are out of PCI scope, you can focus on your business and accelerate your speed to market when launching new products and features. You no longer need to build in more time because you don’t have to worry about the burden of PCI scope. There is a reason why many large fintechs and financial institutions do not launch features and products more than once a quarter.

Unleash the Value of your Data and Accelerate your Business.

VGS leaves data ownership to your business. You are no longer locked into your PSP, and you can develop your own payment strategy. With the VGS multiplexing solution, you can advance your CRM strategy with a 360-degree view of your customers and link any payment from any channel back to a single identity. If your business ever decides to change PSPs, you’ll have full data portability without the pain of a data migration project.


All you have to do now is determine how and when your business wants to monetize the data you own. But remember, you can’t monetize your data unless you own it and have access to it.
