Inbound Edge Tokenization

April 4, 2019

A telemarketing firm for multiple non-profits uses a third-party website to collect donations for their clients. The third-party website sent credit card information to the telemarketing firm’s custom SOAP/XML web service. The telemarketing firm stored the credit card information and delivered it to their clients via daily batch files.

Goal

Significantly reduce the telemarketer's PCI scope by completely removing the credit card account number from the telemarketer's data flow.

Solution

Auric provides a custom inbound SOAP proxy service that tokenizes the cardholder data as it is received.

  • The proxy intercepts the incoming SOAP request from the third-party service and replaces the credit card account number with a token.
  • The tokenized SOAP/XML request is transparently forwarded to the telemarketing web service.
  • The only change required for the Inbound Edge Tokenization was that the third-party website switch the URL to which they posted the payment information.
  • The telemarketing service also uses Auric’s Outbound Batch Detokenization service to securely translate and deliver full credit card information to their clients. 
  • This dataflow was part of a project to completely remove the telemarketing firm from PCI scope.

Inbound Data Flow

Figure: Inbound SOAP Proxy data flow (inbound edge SOAP tokenization).

  1. The Order Collection Service submits SOAP order transactions to the Auric SOAP Proxy Service.
  2. The proxy service extracts the credit card account number and sends it to the AuricVault® service.
  3. The AuricVault® service returns a token.
  4. The proxy service replaces the credit card account number with the AuricVault® token and then forwards the SOAP order to the Telemarketer’s web service.
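The four steps above, sketched as an added example (not Auric's code): `tokenize_soap` returns the request body that step 4 would forward. The `CardNumber` element name, the `StubVault` class and the `tok_` token format are assumptions made for illustration, and the sample order is constructed.

```python
import re
import secrets
import xml.etree.ElementTree as ET

CARD_TAG = "CardNumber"  # assumed element name; the real order schema is not shown
ET.register_namespace("soap", "http://schemas.xmlsoap.org/soap/envelope/")

# Constructed sample order using a well-known test card number.
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><SubmitOrder xmlns="urn:example:orders"><Donor>A. Donor</Donor>
<CardNumber>4111 1111 1111 1111</CardNumber><Amount>25.00</Amount></SubmitOrder>
</soap:Body></soap:Envelope>"""

class StubVault:
    """In-memory stand-in for the vault call in steps 2 and 3 (hypothetical)."""
    def __init__(self):
        self._tokens = {}

    def tokenize(self, pan):
        # Same PAN maps to the same random token; the token reveals no digits.
        return self._tokens.setdefault(pan, "tok_" + secrets.token_hex(8))

def luhn_ok(pan):
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def tokenize_soap(raw, vault):
    """Return the SOAP request to forward, with the PAN replaced by a token."""
    # SOAP messages must not carry a DTD, so reject one before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed in SOAP request")
    root = ET.fromstring(raw)
    replaced = 0
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != CARD_TAG:
            continue
        pan = re.sub(r"[ -]", "", (el.text or "").strip())
        if not re.fullmatch(r"[0-9]{13,19}", pan) or not luhn_ok(pan):
            raise ValueError("card element does not hold a valid account number")
        el.text = vault.tokenize(pan)
        replaced += 1
    if replaced == 0:
        # Fail closed: never forward a request the proxy could not tokenize.
        raise ValueError("no card element found")
    return ET.tostring(root)

if __name__ == "__main__":
    print(tokenize_soap(SAMPLE, StubVault()).decode())
```

Failing closed when no card element is found is a design choice of this sketch: a schema change upstream then stops traffic instead of letting an untokenized account number reach the downstream service.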

Security

The Auric custom Inbound Edge Tokenization service, along with a custom Outbound Batch Detokenization service, completely removed the credit card data from the telemarketer’s data flow.

Auric also:

  • migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.

Technologies Used

  • Tokenization
  • Data Separation
  • Custom PCI Proxy service
