Security Solutions
Tokenization
▼ What is Tokenization (non-passing-over settlement using JavaScript)?
It is a security service that can reduce the risk of information leakage by replacing the credit card number entered by the purchaser with another character string (token) to communicate and complete the payment.
Tokenization, member stores can process payments without touching their credit card numbers.
* The credit card number entered by the purchaser is linked to JavaScript and sent to us, and we replace the number with another character string (token) and return it to the member store, and the card company authorization It is a specification to acquire.
Benefits of Tokenization
-
・ Reduction of information leakage risk
Tokenization payment without "storing", as well as "processing" and "passing" credit card information, reducing the risk of information leakage for member stores. Even if the token is leaked, it is completely meaningless data and will not be fraud
This is one of the processing methods recommended in the "Credit Card Security Guidelines" compiled by the Credit Transaction Security Council.
Tokenization data flow
… Token transmission, authorization processing
- Display from the purchase screen
- Link from html to JavaScript
Send card number - Token return
- Send token
- authorization processing with token + amount
- Replace the token with a card number
authorization processing - Return of authorization
- Return of authorization
- Receipt page display
Precautions for Tokenization
1. The token has an expiration date
The issued token becomes invalid once a certain period of time has passed or once it is used for payment
2. About supported browser environments
Tokenization is based on a browser that runs javascript. Tokenization is not supported on terminals that cannot use JavaScript (some feature phones, etc.).
3. Supports Credit card payment and Multi-currency credit card payment
4. Security measures other than Tokenization
Tokenization is one of the effective means for non-holding credit card numbers in the member store system, but it does not completely eliminate the risk of information leakage.
Since the member store site has been tampered with and the risk of leakage due to unauthorized external communication and the risk of leakage of personal information other than the credit card number due to unauthorized access remain from the various information input screens, appropriate security measures are required according to the member store's environment. It becomes.
(Example: Risk assessment, measures according to the assessment result, in-house training, etc.)
- Top
- Service list
- PG Multi-Payment Service
- Security solution
- Tokenization
This service is applicable when the introduced EC site is operated by a corporation.
If the introductory EC site is operated by an individual, please check here.