Salesforce PCI Compliance
Payment Card Industry Data Security Standards (PCI DSS), is a set of standards determined by the PCI Security Standards Council which protects consumers credit card data. All companies that collect, store and exchange card holder data must comply with the PCI standards. The standards were created to assist organizations that process credit cards to protect from fraud through increased controls around data and its exposure to compromise. The controls through PCI surround, collecting, processing, storing and exchanging cardholder data.
Salesforce is a cloud computing and enterprise Software-as-a-Service (SaaS), that companies can use for their Customer Relationship Management (CRM). CRM is used to keep track of leads and potential clients across many different platforms., such as marketing, sales and services. CRM is a great way for companies to manage and analyze customer interactions and performance, by gathering information across all different channels.
HostedPCI has developed a Salesforce App that provides PCI compliance to eCommerce and call center companies who use Salesforce to track and store customer data when credit card payment interaction is required. HostedPCI’s has two main solutions available for Salesforce, our iFrame solution as well as our IVR solution, these solutions collect, store and exchange credit card data through HostedPCI servers so that the company does not see or touch the credit card information on their servers. In place of the real credit card, companies are given a token which they can store freely and use for purchases and returns.
HostedPCI Salesforce App
The Salesforce App allows a seamless integration with existing Salesforce environments that will allow companies to either have an internal or external (publicly accessed) checkout page that they could use with the HostedPCI solution. Within the salesforce payment terminal HostedPCI has now added 3D secure capabilities in order for companies to have more security against chargebacks and fraud.
The code is available for all clients to freely use and modify to fit their needs, the current sample app that comes by default is just an example and can be used as is or easily manipulated to fit your specific requirements. The default settings use the HostedPCI API for credit card operations auth, capture, sale, void and credit. The API also allows the use of any payment processor that is already integrated by HostedPCI. The full list can be seen here: HostedPCI supported payment processors.
The following screen shots show an external and internal sample of the checkout page for the Salesforce environment.
The following screen shot shows a report within the Salesforce platform which contains the tokens and transactions that were processed through the internet/external checkout page.
The structure of the HostedPCI tokens is as follows:
4444-3333-2222-1111 is a representation of a real credit card.
4444-XXXX-XXXX-1111 is a representation of a HostedPCI token.
The API is going to generate a token that will keep the first 4 digits and last 4 digits exactly the same as the real card but the masked 8 digits in between are going to be completely different.
In the example below, during the checkout phase we entered a test credit card number 4111-1111-1111-1111 but during the report phase of the Salesforce app, the token that was returned by HostedPCI is 4111-0000-0011-1111.
In the view below Salesforce shows all the transactions that occurred with the same credit card token (same credit card number).
HostedPCI’s IVR in SalesForce
HostedPCI has now integrated our Call Center Solution into our SalesForce App, the image below is a screen shot of our IVR within SalesForce. For further details on how to use our IVR in Salesforce, please visit the link at the button of the page.