CyberSource introduces managed payments service for e-merchants
06 June 2006 | 1469 views | 0
CyberSource Corporation (NASDAQ:CYBS) today announced the launch of a new service enabling eCommerce merchants to process electronic payments without the risk of storing or even handling sensitive account information.
With CyberSource's Payment Data Management, CyberSource, not the merchant, manages sensitive customer information such as credit card numbers and related transaction data. CyberSource handles and stores all payment data on behalf of the merchant in security-certified processing centers that connect directly with the banking network. As a result, consumer payment information is safer, merchant risk decreases, and merchant compliance with card association security rules can become simpler and faster.
The new service has already received strong interest from customers. The Georgia Technology Authority, information technology manager for the State of Georgia, is an early adopter. It has been tasked with ensuring that state agencies accepting payment online do so under the standardized card association guidelines that came into effect last June, called Payment Card Industry Data Security Standard or PCI.
"Securing PCI certification for our many agencies is a huge undertaking," said Mark Reardon, director of security for the Authority. "CyberSource's Payment Data Management service has minimized the challenge by eliminating the need for our constituent agencies to handle any payment card information. CyberSource handles the acceptance, processing, transmittal and storage of our eCommerce transactions. We've now successfully processed hundreds of thousands of transactions with the CyberSource service -- and we're not touching confidential account data. Our certification efforts have been accelerated and we are very happy about the level of security being provided to the state's eCommerce customers."
Hosted payment acceptance and secure storage offered
Payment Data Management consists of two services, Hosted Payment Acceptance and Secure Storage. Using Hosted Payment Acceptance, merchants outsource the checkout page of their web store, allowing CyberSource to manage the acceptance and processing of the eCommerce transaction. When customers hit the buy button, CyberSource collects the actual payment data, processes the transaction, and securely stores the data for any subsequent payment action, such as a credit. Merchants never see or touch the sensitive payment data. The checkout page can reflect the look and feel of the rest of the merchant's web site, thus making the outsourcing of the page seamless to the consumer, or it can be made obvious to the purchaser that they have arrived at a page managed within the secure processing network. The merchant can employ either option.
Secure Storage is solely focused on the storage of payment and related consumer transaction data. Merchants can capture the eCommerce transaction as they normally do, using their own checkout page. However, after transmitting the data for processing, CyberSource stores the payment data on behalf of the merchant in PCI certified processing centers. The merchant is no longer exposed to the risk associated with storage of payment data. Secure Storage can be used on its own or as a part of the Hosted Payment Acceptance service and supports single transactions, recurring billing, and installment payments.
In both Hosted Payment Acceptance and Secure Storage, merchants access their stored data by referencing a unique transaction identifier, in the form of a payment token, maintained by CyberSource. Secure Storage is compatible with any payment system or processor-merchants need not use CyberSource for other payment processing services.
"This service is a direct result of customer input," said David Glaser, CyberSource vice president, professional services. "Our merchants are now increasingly aware of the risks an intrusion could pose to their customers' trust and even to their brand's value. Many are also deeply concerned with PCI certification. This new service radically reduces merchants' risks of storing, processing, and transmitting data, because we take care of those tasks in our PCI-certified data centers. Our merchants can rely on us, minimize their risks, and speed their own progress toward security certification."