Where is it in your strategy?
Each payment brand calls it something slightly different but they all have something like this now. Every transaction pushed through their network can now be identified with a unique transaction ID. With PCI DSS continuing to be a significant burden for merchants to handle, I can’t think of a better time to consider alternative methods for handling cardholder data after authorization.
Merchants have many options when it comes to PAN replacement. With tokens, there are typically two choices: per-transaction tokens or per-card tokens. Merchants that want to perform analytics on purchasing behavior using just the payment card itself as a way to track purchases should go with a per-card token like the TransArmor product offered by FirstData/RSA. This way you have a one-to-one relationship between token and payment card.
Merchants that don’t have a need to do analytics in this way might opt to use a per-transaction token to completely eliminate the need to retain a PAN in order to identify any one transaction. You can spend money to buy a product to do this, or you can work with your processor/acquirer to have them pass back the unique transaction ID added to every transaction via the payment networks. Just because you are not getting it passed back to you doesn’t mean your processor doesn’t receive it in their messages.
More importantly, transaction IDs alone do not guarantee full interoperability with processors around settlement and clearing. It’s a great discussion to have with your processor, and in fact, could be a great differentiator when evaluating one processor over another.
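The per-card versus per-transaction trade-off described above, as an added sketch that is not from the original post or from any vendor's product. The `TokenVault` class, the token formats and the test PANs are assumptions made for illustration; a real token service sits with the processor or token provider, and this does not represent how TransArmor or any payment network generates its identifiers.

```python
import secrets
from collections import Counter


class TokenVault:
    """Toy in-memory token service (hypothetical, for illustration only).

    Merchant systems would only ever store the tokens returned here; the
    PAN mapping stays on the vault side.
    """

    def __init__(self):
        self._card_tokens = {}  # PAN -> stable per-card token
        self._detokenize = {}   # token -> PAN (vault side only)

    def per_card_token(self, pan: str) -> str:
        # The same PAN always yields the same token: a one-to-one mapping.
        token = self._card_tokens.get(pan)
        if token is None:
            token = "C-" + secrets.token_hex(8)
            self._card_tokens[pan] = token
            self._detokenize[token] = pan
        return token

    def per_transaction_token(self, pan: str) -> str:
        # A fresh token per authorization: it identifies one transaction only.
        token = "T-" + secrets.token_hex(8)
        self._detokenize[token] = pan
        return token


def repeat_cards(tokens):
    """Count distinct tokens that appear more than once in merchant records."""
    return sum(1 for n in Counter(tokens).values() if n > 1)


# Constructed sample: well-known test PANs, three purchases made on two cards.
PURCHASES = ["4111111111111111", "5555555555554444", "4111111111111111"]


def demo():
    vault = TokenVault()
    by_card = [vault.per_card_token(p) for p in PURCHASES]
    by_txn = [vault.per_transaction_token(p) for p in PURCHASES]
    # Per-card tokens reveal the repeat purchase; per-transaction tokens do not.
    return repeat_cards(by_card), repeat_cards(by_txn)


if __name__ == "__main__":
    print(demo())
```

With per-card tokens the merchant can see that one card was used twice without ever holding the PAN; with per-transaction tokens the stored records cannot be linked to each other at all.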