An order management firm aggregates repeat orders for multiple companies. Clients sign up for products to be delivered monthly and quarterly. The order management firm forwards the sales order to the end company on the requested schedule via a JSON web API.
Comply with the Payment Card Industry Data Security Standard (PCI-DSS) requirements by removing the credit card account number from the telemarketing firm’s environment.
The telemarketing firm was already using an embedded HTML iFrame hosted on the AuricVault® servers to collect and tokenize the credit card account number.
A detokenization web proxy service accepts outbound JSON-RPC web API requests from the order management firm, replaces the AuricVault® token with the original credit card data, and then securely forwards the order information to the end company.
Auric deployed this solution with minimal change to the firm’s existing environment:
- a minor code change to post data to the outbound edge proxy instead of directly to the end companies.
- updated their rules.
Auric forwarded new source IP addresses to the end companies.
Outbound PCI proxy data flow.
The Order Management Service (OMS) uses the AuricVault® service to tokenize credit card account numbers. The card data now needs to be sent to various clients or business partners.
- The Order Management Service sends a JSON API request to Auric’s Outbound PCI Proxy Service.
- The proxy service extracts the token from the request and sends the token to the AuricVault® service.
- The AuricVault® service returns the original credit card data.
- The proxy service replaces the token in the API call with the original credit card data and forwards the JSON API request to the appropriate company.
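The four steps above, sketched as an added example; this is not Auric's code. The in-memory vault, the field names `card_token` and `card_number`, the destination URL and the sample request are all assumptions constructed for illustration.

```python
import json

# Constructed stand-in for the token vault lookup (steps 2 and 3).
VAULT = {"tok_4f9a1c": "4111111111111111"}  # well-known test card number
# Hypothetical allow-list: card data is only ever forwarded to known end companies.
ALLOWED_DESTINATIONS = {"https://orders.endco.example/api"}
TOKEN_FIELD, PAN_FIELD = "card_token", "card_number"  # assumed field names

# Constructed JSON-RPC request as the order management service would send it (step 1).
SAMPLE_REQUEST = json.dumps({
    "jsonrpc": "2.0", "method": "order.create", "id": 7,
    "params": {"sku": "MONTHLY-BOX",
               "payment": {"card_token": "tok_4f9a1c", "exp": "12/30"}},
})

class ProxyError(Exception):
    """Request rejected before any card data is released."""

def detokenize(token):
    # Fail closed on malformed or unknown tokens.
    if not isinstance(token, str) or token not in VAULT:
        raise ProxyError("unknown token")
    return VAULT[token]

def substitute(node):
    """Replace every token field in a parsed JSON tree; return how many were replaced."""
    count = 0
    if isinstance(node, dict):
        if TOKEN_FIELD in node:
            node[PAN_FIELD] = detokenize(node.pop(TOKEN_FIELD))
            count += 1
        for value in node.values():
            count += substitute(value)
    elif isinstance(node, list):
        for item in node:
            count += substitute(item)
    return count

def build_outbound(raw_request, destination):
    """Return the request body to forward (step 4), or raise ProxyError."""
    if destination not in ALLOWED_DESTINATIONS:
        raise ProxyError("destination not allowed")
    request = json.loads(raw_request)
    if substitute(request) == 0:
        raise ProxyError("no token in request")
    return json.dumps(request)

def masked(pan):
    """Form of the card number that is safe to write to proxy logs."""
    return "*" * (len(pan) - 4) + pan[-4:]
```

The card number exists only in the value returned by `build_outbound`; anything the proxy logs should go through `masked` first.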
The Auric inbound and outbound proxy services completely remove the credit card data from the order management firm’s data flow.
NOTE: Auric's Proxy Service can manage different API calls to different processors. It is not limited to JSON interfaces. It supports XML, SOAP, HTML web forms, and custom data formats.