Browser-Side Tokenization

April 23, 2019

Remove sensitive data from your business environment

Browser-side tokenization (and detokenization) isolates sensitive data like credit card numbers from your environment, significantly reducing PCI scope. PCI compliant storage using the AuricVault® service allows the merchant's web service to initiate a session. The AuricVault® service receives the request and responds with a session ID. The merchant's website serves a page asking the cardholder to enter the credit card number to be tokenized. When the credit card data is entered, a JavaScript routine connected to the "Save" button gathers the credit card data and the service session ID and sends them to the AuricVault® service. The AuricVault® service encrypts the credit card number and returns a token to the customer's browser. The JavaScript replaces the credit card number with the token. The data capture form is then submitted to the merchant's web service. The credit card number itself is gone and never touches the merchant's website. All tokenization occurs on the browser side. It works the same for any sensitive data.

Fail-Safe Tokenization

What if your JavaScript is broken? What if a network failure causes a script load failure, or a browser update breaks the JavaScript on your billing or checkout page? Suddenly, the submit button exhibits its default behavior and a credit card number is submitted to your server, breaking your PCI compliance. The AuricVault® service approach is to break the data entry form into multiple pieces and let the JavaScript put the pieces back together. With a Fail-Safe Tokenization approach, the JavaScript triggered by your submit button finds the credit card number in its own separate form field, tokenizes it, and adds a token field to the main form, so that only the token is ever submitted to your server. Fail-Safe Tokenization provides the peace of mind that a credit card number can never be sent to your server if your JavaScript is broken or fails to load.
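One way to lay out and wire the fail-safe form described above, as an added example (not AuricVault code). The element ids, the `card_token` field name and the injected `tokenize(sessionId, pan)` function are assumptions standing in for the page's markup and the vault call.

```javascript
// Assumed markup (ids are hypothetical):
//   <form id="order" method="post" action="/checkout"> ...non-card fields... </form>
//   <input id="pan">   <!-- outside #order, and without a name attribute -->
// With scripts broken, a native submit of #order carries no card number.

// Verify the fail-safe layout before handling any card data.
function assertFailSafe(panInput, orderForm) {
  // input.form is the form owner, so this also catches <input form="order">.
  if (panInput.form === orderForm) {
    throw new Error("card field belongs to the order form");
  }
  // A control without a name is never part of a form submission.
  if (panInput.name) {
    throw new Error("card field has a name attribute");
  }
}

// `tokenize(sessionId, pan)` stands in for the vault call; its name and
// signature are assumptions. It must resolve to the token string.
async function tokenizeAndSubmit(doc, sessionId, tokenize) {
  const panInput = doc.getElementById("pan");
  const orderForm = doc.getElementById("order");
  assertFailSafe(panInput, orderForm);

  // Loose format check only: 12 to 19 digits after stripping separators.
  const pan = panInput.value.replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(pan)) throw new Error("invalid card number format");

  // If the vault call rejects, nothing below runs and nothing is submitted.
  const token = await tokenize(sessionId, pan);
  if (typeof token !== "string" || token === "" || token.includes(pan)) {
    throw new Error("vault did not return a usable token");
  }

  panInput.value = ""; // drop the card number from the page
  const hidden = doc.createElement("input");
  hidden.type = "hidden";
  hidden.name = "card_token"; // hypothetical field name
  hidden.value = token;
  orderForm.appendChild(hidden);
  orderForm.submit(); // programmatic submit: only the token travels
  return token;
}
```

In a browser, call `tokenizeAndSubmit(document, sessionId, tokenize)` from the button's click handler; the order form itself needs no submit button that could fire without the script.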

Detokenization Too!

JavaScript-based browser-side detokenization provides the ability to access sensitive data, like credit card numbers, from your environment. PCI compliant storage using the AuricVault® service allows the merchant's web service to initiate a detokenization call with the sessionId to the AuricVault® API. The AuricVault® service receives the call, decrypts the sensitive data, and returns it to the customer's browser. The JavaScript replaces the token with the sensitive data. All detokenization occurs on the browser side.

Scope Reduction

When you implement both browser-side tokenization and detokenization, you completely remove your servers from PCI scope. Credit cards (and other sensitive data) need never touch your servers.

Benefits and Features

  • PCI Scope Reduction
  • Flexible web-service interface
  • Credit card numbers are separated from personal information
  • Staging SandBox
  • Sensitive data like Credit Card Numbers are isolated from the scope of PCI
  • Easy integration into existing processes
  • PCI compliant off-site data storage
  • Popular with
    • Payment Gateways
    • Merchants Reducing PCI Exposure
    • Call Centers
    • Mobile Application Developers
    • PCI Compliant Organizations
    • eCommerce
