Payment Vault and Tokenization

HostedPCI’s payment vault and tokenization solution is the core of our PCI solution, that assist e-commerce and call center companies with PCI compliance. Our payment vault is a secure location that we use to store all of our clients credit card numbers. Once the credit card numbers has been inserted into the HostedPCI vault, the company will receive a token that can be used in the future. The token can then be stored freely on the clients servers because there is no way to decrypt the HostedPCI token to determine the original credit card.

Payment Vault Interfaces

The diagram below depicts the available interfaces to the payment vault. Our checkout express IFRAME solution automatically tokenizes real credit cards from within the merchant checkout system. Similarly, the call center interface is able to extract and tokenize real credit cards from within a live call session between a customer service representative and a customer.

Hosted PCI

Token Form and Structure

The token that is used by Hosted PCI looks like a real credit card. The first 4 digits and the last 4 digits of the token match those of the credit card number, but in fact the token is not a real credit card number. By default the token fails MOD 10 (Modulus 10) LUHN checks.

The Difference Between Payment Gateway Tokenization and HostedPCI Tokenization

Most payment vaults and tokenization solutions only cover the secure storage requirements for PCI compliance. The credit card data still has to be collected by your system, and that means your system is in scope for PCI compliance. We estimate that storing credit cards securely only covers 25% of the PCI Data Security Standard. That means you will still have to deal with 75% of the problem. Another difference to keep in mind is once you start using a payment vault, you are tied to that tokenization solution and the gateway providing it. HostedPCI is gateway neutral, which means a single token can be used across any payment processor, so the tokens are universal and you are not tied down to a single payment processor.