A telemarketing firm for multiple non-profits uses a third-party service to collect donations for many of their clients. This third-party service automatically sends credit card information to a SOAP/XML service built and operated by the telemarketing firm. The telemarketing firm generates batch donation files containing the credit card information for all their clients.
Take the telemarketing firm’s data flow out of PCI scope by completely removing the credit card account number from their environment.
Auric provides two custom solution:
- inbound SOAP Proxy
- outbound batch de-tokenization
Inbound SOAP Proxy
Auric provides a custom PCI SOAP Proxy that:
- intercepts the incoming SOAP request from the third-party service.
- replaces the credit card account number in each SOAP request with an AuricVault® token.
- forwards the tokenized request to the telemarketing firm.
Inbound Data Flow
Inbound SOAP Proxy data flow.
- The Order Collection Service submits SOAP order transactions to the Auric SOAP Proxy Service.
- The proxy service extracts the credit card account number and sends it to the AuricVault® service.
- The AuricVault® service returns a token.
- The proxy service replaces the credit card account number with the AuricVault® token and then forwards the SOAP order to the Telemarketer’s web service.
The Auric custom Inbound Edge Tokenization service, along with a custom Outbound Batch Detokenization service completely removed the credit card data from the telemarketer’s data flow.
migrated the incoming SOAP HTTPS connection to the latest HTTPS protocol (TLSv1.2) before the telemarketer upgraded their services.