Payment Vault and Tokenization

The heart of the Hosted PCI system is our tokenization solution. This is the data vault that allows us to store credit cards securely and out of sight. When a credit card is put into our data vault, a token is created to represent the real credit card. The token is then used by the merchant and can be stored freely in any computer system outside of Hosted PCI. The token can never be decrypted outside of Hosted PCI, so even if it ends up in the wrong hands, the number cannot be used to breach real credit card data.

Payment Vault Interfaces

The diagram below depicts the available interfaces to the payment vault. Our checkout express IFRAME solution automatically tokenizes real credit cards from within the merchant checkout system. Similarly, the call center interface is able to extract and tokenize real credit cards from within a live call session between a customer service representative and a customer.

Token Form and Structure

The token that is used by Hosted PCI looks like a real credit card number. The first 4 digits and the last 4 digits of the token match those of the credit card number, but the token is not a real credit card number. By default the token fails MOD 10 (Modulus 10) Luhn checks. However, on special request, Hosted PCI has implemented tokens that pass MOD 10 / Luhn checks for merchants whose legacy systems require this format.
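The token shape described above can be used to triage card-like values found in a data store: a value that fails MOD 10 is token-like, while one that passes may be a real card number. The following is an added example, not Hosted PCI code; `make_token` and `classify` are hypothetical names, the random-middle construction is an assumption for illustration only, and the sample number is the widely published Visa test number.

```python
import secrets

def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the MOD 10 (Luhn) check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def make_token(pan: str, luhn_pass: bool = False) -> str:
    """Constructed illustration (assumption, not the vendor's algorithm):
    keep the first 4 and last 4 digits, fill the middle with random digits,
    and retry until the Luhn result matches the requested mode. The middle
    is random, so the token reveals nothing without the vault's mapping."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("expected a 13-19 digit card number")
    mid_len = len(pan) - 8
    while True:
        middle = "".join(secrets.choice("0123456789") for _ in range(mid_len))
        token = pan[:4] + middle + pan[-4:]
        if token != pan and luhn_valid(token) == luhn_pass:
            return token

def classify(value: str) -> str:
    """Triage a stored value during a data-discovery scan."""
    if not (value.isdigit() and 13 <= len(value) <= 19):
        return "not-card-like"
    return "possible-pan" if luhn_valid(value) else "token-like"

if __name__ == "__main__":
    pan = "4111111111111111"                   # public test number
    default_token = make_token(pan)            # default mode: fails MOD 10
    legacy_token = make_token(pan, True)       # special-request mode: passes
    for label, v in (("pan", pan), ("default", default_token), ("legacy", legacy_token)):
        print(label, v[:4] + "..." + v[-4:], classify(v))
```

Tokens issued in the MOD 10-passing format are indistinguishable from real card numbers by this check, so a scan over systems that use that format has to confirm hits against the vault rather than rely on Luhn alone.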