Bundling E2E and MToken®
Bundling E2E and MToken™ Removes the POS from PA-DSS Scope
Combining Mercury’s end-to-end encryption with proprietary tokenization technology provides all the benefits of both for the best overall card data security solution. Using end-to-end encryption for initial card data entry and storing a token for subsequent transactions removes the point-of-sale (POS) system from the scope of PA-DSS requirements and helps merchants achieve PCI compliance.
E2E
Mercury’s advanced encryption technology secures card data by encrypting it at the instant a card is swiped or keyed, and keeps it encrypted throughout the transaction. E2E reduces the number of systems handling sensitive card data. When encrypting card readers are combined with support from Mercury, sensitive cardholder data – and the PCI requirements to protect it – are eliminated from the POS system.
E2E alone provides the best card data security, but when combined with MToken, merchants can also securely complete future transactions for the same card. For example, restaurants need to send subsequent transactions to perform tip adjustments. Retailers prefer to store the card number for error correction and to make returns easier. Some businesses require recurring billing capability or wish to save the numbers of repeat customers for their convenience.
MToken
MToken is Mercury’s proprietary technology that replaces sensitive card data with non-sensitive reference data for long-term data storage. It reduces the risk, cost, and complexity of credit card processing. The actual card number is used only in the initial transaction request. The token reference data – a unique string of letters and numbers – is returned to the requester along with approval or rejection of the initial transaction. Only the token is stored for use in performing future transactions for the same card.
Tokenization alone eliminates the potential for theft of stored card data, but the data is still vulnerable as it passes through the system before the token is returned for future reference. Malicious software is designed to intercept card data as it is passed from peripherals, such as magnetic card readers and keyboards. Such software can even steal card data out of the computer RAM used by the POS software. Combining MToken with E2E protects data from these risks.
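The data flow described in the E2E and MToken sections, as an added Python model that is not Mercury's code or API: it shows that the POS handles only ciphertext and a token while still completing a tip adjustment. The key, class, function and field names are assumptions, and an HMAC-SHA256 keystream stands in for whatever cipher the card reader actually uses.

```python
import hashlib
import hmac
import secrets

# Constructed model of the flow above; not Mercury's protocol or API.
READER_KEY = secrets.token_bytes(32)  # assumed: shared by reader and gateway only

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream XOR, inputs up to 32 bytes).
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def reader_swipe(pan):
    """Encrypting reader: the PAN is encrypted before it reaches the POS."""
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(READER_KEY, nonce, pan.encode())

class Gateway:
    """Processor side: the only place the PAN is decrypted or kept."""
    def __init__(self):
        self._vault = {}   # token -> PAN
        self.ledger = {}   # token -> amount in cents

    def sale(self, blob, cents):
        pan = _xor_stream(READER_KEY, blob[:16], blob[16:]).decode()
        token = secrets.token_hex(12)  # random, not derived from the PAN
        self._vault[token] = pan
        self.ledger[token] = cents
        return {"status": "approved", "token": token}

    def adjust(self, token, tip_cents):
        if token not in self._vault:
            return {"status": "declined"}
        self.ledger[token] += tip_cents
        return {"status": "approved", "token": token}

def run_pos(pan, cents, tip_cents):
    """POS side: returns everything the POS handled, the total, and the status."""
    gateway, seen = Gateway(), []
    blob = reader_swipe(pan)
    seen.append(blob.hex())
    sale = gateway.sale(blob, cents)
    seen.append(repr(sale))
    token = sale["token"]  # the only card reference the POS stores
    adjusted = gateway.adjust(token, tip_cents)
    seen.append(repr(adjusted))
    return seen, gateway.ledger[token], adjusted["status"]
```

Everything in `seen` is what memory-scraping software on the POS could observe in this model: an encrypted blob and two responses carrying the token, never the card number.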
Best of Both Worlds
- Remove POS from the scope of PA-DSS compliance
- Significantly reduce risk and PCI compliance requirements
- Provide the best overall card data security
- Support key features merchants want, including: recurring billing; card-not-present voids and returns; incidental expenses; delayed shipping; layaway purchases
- Steer merchants to SAQ B (26 questions) vs. SAQ D (226 questions)
- Reduce the cost of PCI compliance for merchants
