An agreement with CRE Secure Payments LLC may help Global Payments Inc.’s online merchants cut Card Payment Industry Data Security Standard compliance processes and costs, the Atlanta, Ga.-based companies announced Sept. 12.
Global Payments will incorporate cloud-based payment security provider CRE Secure’s HTML Clone technology into its Transport Secure online payments program, allowing merchants to avoid storing credit card data on computer networks at their businesses, Global Payments said in a press release.
The primary objective of the agreement, which will affect Global Payments’ North American clients later this year, is to ease PCI-DSS compliance for the merchant because card data would be housed in a CRE Secure PCI-compliant server rather than at the merchant site, Kevin Lee, CEO of CRE Secure, tells PaymentsSource.
Using clone technology will decrease the drop rate, or shopping cart abandonment rate that other hosted payment pages sometimes provoke, and “it will seamlessly integrate with multiple shopping carts in a completely PCI-compliant environment,” Sid Singh, senior vice president and global head of product for Global Payments, said in a press release.
Customers buying products online from a merchant using the Global Systems payments process will not notice a difference between the Web pages used for choosing products and CRE Secure’s clone page that appears when they click on the “Pay by Credit Card” button, according to CRE Secure.
CRE Secure provides its credit card collection form as a page resembling the merchant site. The customer will still have links on that page needed to navigate the rest of the site, CRE Secure states.
When the transaction is completed, CRE Secure uses its cloud-based computing to connect the shopping cart software and payment transaction to existing payments gateways or merchant services bank accounts, according to CRE Secure.
The new method could cut merchants’ PCI compliance costs by 70% to 90% “because it reduces the scope of PCI,” Lee contends.
Merchants only need to ensure that outsourced vendors conduct external audits for PCI compliance, Lee says.
“This makes it a much more straightforward process, because their systems actually never touch the data,” Lee adds.
CRE Secure can support whatever data-security measures or policies the individual merchant or acquirer has in place, Lee says, such as a tokenization scheme.
“We are not going to make the merchant change the payment process relationships they already have,” Lee says.
Various facets of PCI-DSS compliance will remain applicable to merchants, regardless of cloud computing or new data security technologies in the future, Bob Russo, general manager of the PCI Security Standards Council, tells PaymentsSource.
“There are still applicable requirements, such as the security policies of the business, training the employees on those policies, and audits of those third-party relationships to make sure the data is physically secure,” Russo says.
What do you think about this? Send us your feedback.
