There are security risks involved in processing payments. Merchants subscribe to Worldpay’s tokenization to help reduce the risk of data theft by eliminating storing cardholder data within their own environment. Merchants also frequently enlist other third-party vendor services such as fraud scoring, consumer authentication, and other value added services.
However, there are challenges with using all of these platform specific services in tandem. While tokenization removes cardholder data from a merchant’s environment, other service providers may require access to clear text data in order to be effective, reintroducing sensitive data back into the merchant environment.
Worldpay could simply provide a merchant’s third parties with a detokenization service for cardholder data, but it would dilute the integrity of the token system. Allowing third parties to replicate Worldpay’s tokenization vault presents a risk to both merchants and Worldpay’s tokenization solution.
Given these obstacles, how can a merchant benefit from Worldpay’s tokenization solution and its third-party service providers, without offsetting the value of one or the other?
Introducing a new tokenization service
With the OmniToken Translator service, a merchant’s third-party partners can securely redeem tokens for clear cardholder data. This is accomplished through using strong authentication controls and dynamically generated data that prohibits any entity to replicate Worldpay’s token vault outside of its own environment.
Scalable, flexible, and secure
The OmniToken Translator service leverages merchants’ existing Worldpay tokenization products in market today, allowing ease of integration for new capabilities.
A scalable service, OmniToken Translator supports various use cases and can be applied to third parties who need access to a merchant’s data to perform their value added services. This gives merchants much more flexibility in choosing third-party service providers.
While the service enables a merchant’s third parties to access PAN, only Worldpay has access to actual cardholder data and the token mapping. This ensures that the tokenization vault cannot be replicated at any time, and preserving the security of the Worldpay Tokenization solution.
Most importantly, while authorized third parties will have access to cardholder data, Worldpay will never reintroduce cardholder data back to its retailers. This preserves risk reducing efforts as well as PCI and security compliance requirements.