Security solution

Tokenization

▼ What is Tokenization (non-passing-over settlement using JavaScript)?
It is a security service that can reduce the risk of information leakage by replacing the credit card number entered by the purchaser with another character string (token) to communicate and complete the payment.
Tokenization, member stores can process payments without touching their credit card numbers.
* The credit card number entered by the purchaser is linked to JavaScript and sent to us, and we replace the number with another character string (token) and return it to the member store, and the card company authorization It is a specification to acquire.

Benefits of Tokenization

  • ・ Reduction of information leakage risk
    Tokenization payment without "storing", as well as "processing" and "passing" credit card information, reducing the risk of information leakage for member stores. Even if the token is leaked, it is completely meaningless data and will not be fraud
    This is one of the processing methods recommended in the "Credit Card Security Guidelines" compiled by the Credit Transaction Security Council.
  • ・ No need for major system changes from conventional services
    Since it can be used as a protocol / module type, merchants can realize a payment

Tokenization data flow

  • Token transmission, authorization processing… Token transmission, authorization processing
Tokenization data flow
  1. Display from the purchase screen
  2. Link from html to JavaScript
    Send card number
  3. Token return
  4. Send token
  5. authorization processing with token + amount
  1. Replace the token with a card number
    authorization processing
  2. Return of authorization
  3. Return of authorization
  4. Receipt page display

Precautions for Tokenization

1. The token has an expiration date

The issued token becomes invalid once a certain period of time has passed or once it is used for payment

2. About supported browser environments

Tokenization is based on a browser that runs javascript. Tokenization is not supported on terminals that cannot use JavaScript (some feature phones, etc.).

3. Supports Credit card payment and Multi-currency credit card payment

4. Security measures other than Tokenization

Tokenization is one of the effective means for non-holding credit card numbers in the member store system, but it does not completely eliminate the risk of information leakage.
Since the member store site has been tampered with and the risk of leakage due to unauthorized external communication and the risk of leakage of personal information other than the credit card number due to unauthorized access remain from the various information input screens, appropriate security measures are required according to the member store's environment. It becomes.
(Example: Risk assessment, measures according to the assessment result, in-house training, etc.)