
Secure Commerce for Retail
Enable Mobile Ecommerce Channel while Simplifying PCI Compliance
Retail is a highly competitive industry requiring that merchants adapt as quickly as possible to ever-changing buyer behavior and new technologies. E-commerce and mobile commerce are the primary revenue growth drivers in the retail sector, so businesses are embracing these channels to market in order to stay competitive and grow. Mobile applications enable your customers to comparison-shop and make a purchase while in your store, or on the go. Retailers — from airlines to big-box retailers, to insurance and financial institutions — are scrambling to give consumers more convenience and flexibility to shop and purchase wherever they are. Mobile and e-commerce trends offer exciting opportunities for businesses to grow but these channels can also impact data security, with inadequate protection leaving sensitive customer data exposed.
For any business that manages credit card transactions, Payment Card Industry Data Security Standard (PCI DSS) compliance and its associated costs and complexities are a top concern. Maintaining compliance is an ongoing effort, with often increasing costs. In addition to costs and complexities mounting over time, compliance does not ensure security, as many PCI-compliant companies continue to be breached.
The Voltage Secure Commerce solution is a more effective and affordable way to protect Payment Card Information (PCI), Personally Identifiable Information (PII), and private data, and helps you simplify regulatory compliance by significantly reducing PCI DSS audit scope and costs – from the point of data capture at the browser, all the way to the back-office.
With Voltage Secure Commerce, merchants and enterprises can:
- Achieve compliance rapidly, with fast integration into any IT environment
- Significantly reduce costs by reducing scope from the point of data capture to the back-office
- Lower Qualified Security Assessor (QSA) pre-work and remediation costs
- Eliminate tokenization databases and associated costs
- Remove major attack targets such as live credit card data and stored card-holder information
The Secure Commerce solution keeps data secure beyond the web tier, augmenting SSL security by preventing SSL breaches or configuration errors from revealing clear-text data. Sensitive data is protected as soon as it is entered into the web browser, without disrupting existing data flows such as web analytics, BIN routing, fraud screening and back-office processes. Moreover, with the Secure Commerce solution, you can safely put your web servers in the Cloud and pay only for what you need. You can scale up and down for services across time of day or time of year, so you can be responsive to rapid changes in seasons, markets, and business requirements.
The Secure Commerce solution provides these key capabilities and more:
- Protect credit card information and other sensitive data, such as social security numbers, account numbers, and employee salaries, as soon as it is entered into the web browser – eliminating a critical security gap for sensitive data which is not addressed by SSL
- Secure data from the point of capture on smartphones, tablets and other mobile devices, to quickly and confidently capitalize on opportunities for revenue growth through mobile channels to market
- Reduce PCI scope by removing cardholder data from systems and applications: front-end web servers, application servers, database servers, routing hardware and back-office systems
- Remove your payment check-out page and front-end from PCI audit scope, and maintain control over the customer’s experience of the payment process
Use Case:
A U.S. airline – which refers to itself as “an e-commerce business with airline attached” – had failed a PCI audit and was facing steep fines due to non-compliance. Initially, it appeared they would have to re-write a core application which runs the business – everything from ticket purchases to scanning boarding passes and airplane dispatch. However, with the Voltage Secure Commerce solution, they were able to remove e-commerce servers and back-office systems from PCI scope for an estimated 95% PCI DSS compliance cost reduction due to the dramatic reduction in where cardholder data is present. This enabled them to rapidly achieve compliance at both level-1 and level-2 merchant classifications, and protect credit card numbers received from e-commerce, mobile, and call center channels. Implementation met aggressive compliance deadlines. Instead of re-writing their core business application, they were able to dedicate resources to more revenue-enhancing software development projects.