In the early years of electronic payments, full cardholder data (CHD) was often stored in the merchant system, whether this was for a one-time or recurring transactions. Merchants felt that it was necessary to have such data on hand to facilitate transactions, respond to cardholder disputes, run reports and similar functions. The challenge of course, was that the compromise of that CHD by hackers meant the merchant and the consumer faced a cascade of negative impacts – from financial fraud to identity theft. The introduction of the Payment Card Industry Data Security Standard, while a necessary step to protect everyone in the payments chain, added an additional layer of complexity to storing CHD.
In this context, TrustCommerce, with its focus on payment security, began to conceptualize a way in which all of these functions – payment transactions, chargebacks, reporting and other critical payment functions – could be facilitated for the merchant without exposing the valuable cardholder data to the risk of exposure by criminals. In 2001, TrustCommerce developed tokenization to protect this sensitive transaction data for a new client, Classmates.com.
TrustCommerce developed a system, TC Citadel, where merchants could reference a unique account identifier, or token, and TrustCommerce would process the transaction on their behalf. The merchant never stored, processed, or transmitted cardholder data, using this token in its place. This secure billing application allowed them to safely and securely process recurring payments without the need to store cardholder payment information. They were able to exchange credit card numbers and ACH information for TrustCommerce-issued tokens, or Billing IDs.
“Classmates was the earliest subscription-based social networking site. In 2001 we were growing by tens of thousands of new registrants a day. We introduced auto-renewals but worried about the risks of the requirement to store credit card information beyond one-time use. The solution for us was the TC Citadel and tokenization which we achieved with TrustCommerce in 2001,” said Randy Conrads, Founder of Classmates.com.
A complement to encryption, tokenization replaces the Primary Account Number (PAN) with secure, randomly generated tokens. If intercepted, the data contains no cardholder information, rendering it useless to hackers. The Primary Account Number (PAN) cannot be retrieved even if the token and the systems it resides on are compromised nor can the token be reverse engineered to arrive at the PAN.
TrustCommerce provides tokens for both single-use and multi-use scenarios. For example, all transactions provide a unique ID that can be used for follow-up transactions such as settlement and refund requests.
TC Citadel tokenization has continued to mature and advance over the years. Fortune 100 companies, leading healthcare systems, and countless other businesses are using our tokenization solutions today.
