Securing your application

Document created by gjsissons on Apr 11, 2016Last modified by brett on May 12, 2016
Version 7Show Document
  • View in full screen mode

Challenges related to security and fraud are top of mind for many merchants. Vantiv enables developers to easily deliver more secure solutions that incorporate Tokenization, Encryption, and EMV.

From the developer perspective, it’s easiest to think about security in terms of points of interaction. The core points of interaction where Vantiv is helping developers secure payment applications are in eCommerce (card not present), and brick and mortar (card present) transactions.


In eCommerce transactions, cardholder data should ideally be prevented from entering merchant server environments where it is vulnerable to malicious activity or accidental disclosure. With the client side point of interaction made more secure, developers can then work to consider a server side interaction that supports payment use cases like card-on-file transactions supported by Vantiv’s Tokenization solutions.


In a brick and mortar, card-present environment, there tends to be additional complexity from a system and device standpoint. Developers will need to consider point of sale software, payment terminals, and the integration of both to a payment processor.


Vantiv enables developers to reduce fraud concerns with EMV compliant solutions, point to point encryption, and tokenization, transferring risk, and enabling more secure data storage via non-PCI sensitive surrogate card values.



Vantiv offers developers a range of solutions for securing payment applications


Tokenization enables merchants to store low-value tokens in place of sensitive cardholder data, providing secure data transformation and storage regardless of whether customers interact via eCommerce or traditional brick and mortar channels.



Encryption together with Tokenization protects cardholder data


By employing encryption together with tokenization, developers can build applications that help secure payments end-to-end, reducing PCI scope and helping to protect merchants from the considerable costs and brand damage that can occur in the event of a data breach. Rather than the Cardholder Data Environment (CDE) extending to in-store servers and central data centers, cardholder data is exposed only to the payment terminal and resides in Vantiv’s systems from that point on.



Traditional scope and descoping via P2PE/Tokens


Next: Multiple transactions, one receipt