MToken®
Tokenization secures data for long-term storage
MToken™ is Mercury’s proprietary technology that replaces sensitive card data with non-sensitive reference data for long-term data storage. It has become popular as a means of reducing the risk, cost, and complexity of credit card processing. The actual card number is used only in the initial transaction request. The token reference data – a unique string of letters and numbers – is returned to the requester along with approval or rejection of the initial transaction. The token can be used to perform future transactions for the same card.
Today’s POS Systems
Some of today’s point-of-sale (POS) systems still store card data long term. Depending on the POS design and configuration, this could mean all the credit cards processed since the POS was first installed. If the data is not protected according to the Payment Card Industry Data Security Standard (PCI DSS), all the stored credit card data is vulnerable to theft.
MToken for Subsequent Transactions
With MToken, only the token – not the credit card data – is stored in the POS system long term. Storage of non-sensitive tokens reduces the risk to developers and their merchants. It is useless to card data thieves. The token can be used in subsequent transactions in place of the card number, maintaining functionality associated with storing card data, such as recurring billing. The cost and complexity of compliance with industry standards and government regulations is also reduced by shifting the burden of storing cardholder data to the payment processor issuing the tokens. With tokenization, there are fewer PA-DSS requirements for the POS developer to meet and have validated by a qualified security assessor. No new hardware is required to support tokenization.
POS Developers Choose MToken To:
- Support key features merchants want, including: recurring billing, card-not-present voids and returns, incidental expenses, delayed shipping and layaway purchases
- Enhance their Mercury E2E solution to provide the best overall card data security
- Simplify PCI compliance for merchants
- Steer merchants to SAQ C (41 questions) vs. SAQ D (226 questions)
