We work with a lot of software vendors in the member management space.
One of the most critical needs for these business professionals, due to the nature of their operation, is secure payment processing integrated with their software.
These fitness professionals and association executives need to have the ability to process recurring credit and ACH payments through their software on a continual basis, so that they can charge for items like fitness memberships, association dues, and personal training session packages.
Rather than input the member’s credit or bank draft account each and every month when a membership payment is due, the software needs to store the account information for ongoing use. Problem is … storing sensitive payment data leaves the data at great risk of being stolen.
That’s where tokenization comes in.
What is Tokenization?
Much like emptying a treasure chest of its valuables, tokenization replaces a cardholder’s primary account number (credit card number) or bank account number with a long string of random numbers that is useless to a thief if stolen.
That long string of random numbers, the token, is used when processing payments. The customers’ actual payment data is sent to a highly-secure encryption appliance and stored, eliminating the need for the merchant to store the payment data on their internal network.
In other words, fitness gyms, associations and other membership-based businesses can go about their business — processing payments the first of every month or whatever their cycle. At the time of payment, the token is retrieved and used for transactions in lieu of the cardholder’s primary account number/credit card number or bank account number.
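The flow described above, as an added example that is not Constellation Payments' code: the merchant database keeps only a random token, and the account number stays inside the vault. The names TokenVault, enroll_member and run_monthly_billing are hypothetical, an in-memory dict stands in for the encryption appliance, and the card number is a constructed test value.

```python
import secrets


class TokenVault:
    """Hypothetical stand-in for the processor's vault; a dict replaces the appliance."""

    def __init__(self):
        self._pan_by_token = {}  # lives only on the processor side

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 8 <= len(digits) <= 19):
            raise ValueError("not a plausible account number")
        # The token is drawn from a CSPRNG, not computed from the account number,
        # so no key or algorithm turns it back into the account number.
        while True:
            token = "".join(str(secrets.randbelow(10)) for _ in range(24))
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # A real vault would submit the account number for authorization here.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


def enroll_member(vault, member_db, member, pan):
    """Merchant side: keep the token, never the account number."""
    member_db[member] = {"token": vault.tokenize(pan)}


def run_monthly_billing(vault, member_db, amount_cents):
    """Merchant side: recurring charge using only the stored tokens."""
    return {m: vault.charge(rec["token"], amount_cents) for m, rec in member_db.items()}


if __name__ == "__main__":
    vault, member_db = TokenVault(), {}
    enroll_member(vault, member_db, "member-001", "4111 1111 1111 1111")  # constructed test number
    print(member_db)                                   # token only, no card number
    print(run_monthly_billing(vault, member_db, 4999))
```

A copy of member_db taken from the merchant's network contains nothing that can be charged or decoded outside the vault that issued the tokens.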
More Benefits to Tokenization:
1. Because merchants don’t have to store the sensitive data themselves, their Payment Card Industry (PCI) requirements are reduced, which ultimately means fewer questions on the merchant’s annual PCI survey, reduced liability and reduced costs associated with PCI compliance.
2. Tokenization protects businesses from internal theft — from employees, suppliers, vendors or anyone else connected to the software and its data.
How is Tokenization Different than Encryption?
Encryption masks data using an algorithm to scramble credit card data so that it can’t be read by anyone without a proper key. However, unlike tokenization, that data is on the company’s internal network. So while the chance of a hacker stealing encrypted payment data and being able to use it is minimal, there is still a hole: hackers could potentially reverse-engineer the data to reveal credit card information.
The Best Course of Action …
The tokenization technology we use with our software partners employs state-of-the-art encryption, utilizing a multiple-authority architecture, public-key cryptography and a FIPS 140-2 Level 3 certified Hardware Security Module to store private keys.
At Constellation Payments, we strongly advocate a 3-prong data security approach that includes 1) tokenization AND ALSO 2) point-to-point encryption to encrypt data from the moment it enters the point of sale software and 3) EMV technology to reduce card fraud resulting from counterfeit, lost or stolen cards.
This layered data security method is the best course of action for all software that includes point of sale and recurring membership and/or subscription-based payment processing capabilities.
If you have any questions about our tokenization process, or how Constellation Payments can assist you by delivering payment processing solutions integrated with your point of sale software, feel free to give us a call at 888.248.7060 or send an email to firstname.lastname@example.org.
Angela Summa is the Vice President of Constellation Payments. She is responsible for business development, implementation, channel partner support, and merchant support. Her goal is to ensure businesses offer the highest level of payment processing security and ease of processing to customers. You can reach Angela by sending an email to email@example.com.