Vantiv eProtect CNP Data Security Solution

Document created by gjsissons on May 10, 2016Last modified by lsolheim on Jul 23, 2018
Version 3Show Document
  • View in full screen mode

Vantiv eProtect (formerly known as PayPage) is a comprehensive card not present (CNP) data security solution that helps payment developers and merchants solve initial data capture and cardholder data storage challenges, eliminating cardholder data from their systems. By avoiding the need to store cardholder data, the threat of account data compromise is greatly reduced. PCI applicable controls under PCI DSS v3.1 are also reduced helping save time and money.


How to Deploy eProtect

Merchants embed the eProtect iframe URL on their webpage hosted by Vantiv’s servers, while allowing customized modifications to the style and layout of the checkout experience. To eliminate post-authorization cardholder data storage, Vantiv’s OmniToken solution replaces sensitive cardholder data with low value tokens that can be used in place of payment data throughout merchant systems, greatly reducing the risk of card data being exposed. The Vantiv eProtect environment is validated against PCI DSS.


For Tokenized Transactions

Vantiv stores actual card data at Vantiv’s PCI Level 1 environment and accesses it when you submit a transaction using the supplied token. Vantiv is the only entity that has access to the clear cardholder data and the corresponding tokenized values. This means that merchants retain the business benefits of having cardholder data on file, but without the associated risk.


While other solutions provide security after initial authorization, Vantiv eProtect provides end-to-end protection, helping secure data both at the point of capture and on an ongoing basis. Vantiv eProtect provides developers and merchants with three key advantages:


  • Reduced risk – By implementing eProtect, developers can help merchants eliminate cardholder data from their systems, transferring the risk of securing sensitive data to Vantiv.
  • Reduced PCI scope – With eProtect, payment applications are not required to store or transmit cardholder data, significantly reducing PCI scope.
  • Ease of integration – eProtect can be easily implemented, with minimal impact to existing applications and merchant environments.


Learn More:

2 people found this helpful