Payment Gateway: Secure your E-commerce Transactions Correctly

November 5, 2020

Secure Your E-commerce Transactions for Compliance and Monetize the Value of Your Data

As you consider how to collect payments for your e-commerce business, you will also have to consider which forms of payment to accept. The most widely accepted form of payment for e-commerce is card payment. As a result, you’ll have to determine how to collect card payment information in a PCI-compliant manner.

API-based tokens keep you in PCI scope.

A handful of large merchants will choose to take on the full burden of PCI Level 1 scope, not realizing the amount of time and resources required or the direct impact on their software/product development lifecycle. The vast majority of e-commerce merchants will look for a third-party solution and select an API-based tokenization solution, falsely believing this keeps them safely out of PCI scope.


With an API-based tokenization solution, however, the merchant is still required to collect the payment card data before it is tokenized. This basic step of accepting payments puts the merchant into PCI scope, resulting in the PCI burden it was trying to avoid—and the time and resources its development and operations teams will now have to commit.

Payment Service Provider solutions and their trade-offs

Some Payment Service Providers (PSPs) have addressed this issue by offering an iframe to collect card payment data, which keeps their merchant customers out of PCI scope. There are two trade-offs you have to consider when using the iframe provided by your PSP. First, the iframes are fixed and inflexible, so you may end up with a look and feel that is very different from your brand, resulting in a user experience that is less than you want. Second, and very importantly, you need to give up ownership of your data; in the best case, you’ll have limited access to it.

Businesses are starting to realize that payment data is just as important as the payment itself. Mining this data and monetizing its insights can lead to huge revenue boosts thanks to increased customer satisfaction, finding new market opportunities, and more. If you give up data ownership and easy access to your data, you miss out on this critical opportunity.

Keeping you out of PCI scope results in removing the PCI Burden.

With Very Good Security (VGS), you get a comprehensive solution without compromise. VGS is a proxy-based solution that completely shields your network from touching any payment or sensitive data it collects, which removes your enterprise from PCI scope. All this can be achieved in a few weeks, with no new code.


Since you are out of PCI scope, you can focus on your business and accelerate your speed to market when launching new products and features. You no longer need to build in more time because you don’t have to worry about the burden of PCI scope. There is a reason why many large fintechs and financial institutions do not launch features and products more than once a quarter.

Unleash the Value of your Data and Accelerate your Business.

VGS leaves data ownership to your business. You are no longer locked into your PSP, and you can develop your own payment strategy. With the VGS multiplexing solution you can advance your CRM strategy with a 360-degree view of your customers and link any payment from any channel back to a single identity. If your business ever decides to change PSPs, you’ll have full data portability without the pain of a data migration project.

All you have to do now is determine how and when your business wants to monetize the data you own. But remember, you can’t monetize your data unless you own it and have access to it.


Hoang Leung

Head of Payments Marketing at VGS

