Payments—whether by consumers or businesses—are increasingly being made through digital channels. After all, online acceptance streamlines processes, eases demands on staff, and improves the customer experience. While the shift to digital offers a fast and convenient way for customers to pay, it unfortunately increases opportunities for hackers to break into systems and steal valuable card data. That’s why it’s more important than ever for software providers and their end users to employ security technologies that protect systems and networks from handling or storing sensitive payment details captured in online forms. Implementing these solutions also reduces the scope of vulnerable data, which simplifies PCI DSS compliance validation.
Two effective solutions for securing card data and reducing PCI scope are JavaScript Tokenization and Hosted Payments. Here’s a simple chart for a quick comparison. Read on for more information to help you decide which solution is the best fit for you and your customers.
Features | JavaScript Tokenization | Hosted Payments |
---|---|---|
Security Solution | In-page client-side tokenization | Hosted checkout page |
Integration Required | Yes | No |
Checkout Experience | Full control using your own pages | Redirect customers to a hosted page |
Branding | Full customization of your own pages | Limited: add your logo and change colors |
Speed to Launch | Days | Minutes |
One-Time Transaction Capture | Yes | Yes |
Save Cards on File | Yes | Yes |
PCI Complexity Level | Moderate, SAQ A-EP | Simple, SAQ A |
JavaScript Tokenization
Tokenization is the process of turning important data into a string of characters that serves as a reference to the original data, and has no value if breached. It allows for the collection of sensitive payment details directly from customers in a secure manner and, in return, issues a token representing this information to process payments. By tokenizing sensitive data, liability is reduced, simplifying PCI DSS compliance requirements.
PayJunction’s JavaScript Tokenization is integrated into your website using our JavaScript SDK to perform this process in the cardholder's browser on existing payment forms. This ensures that you retain full control over the look and feel of the checkout experience and that no sensitive card data or bank account details touch your servers. The request to tokenize is sent directly from the cardholder’s browser to PayJunction's server, which means your servers are not exposed to sensitive information.
The returned tokens are short-lived, single-use entities meant to be used immediately. They are used for two purposes: 1) to process a charge or refund a transaction, or 2) to store the payment information in a secure customer vault for later use, such as future transactions, recurring, and subscription payments.
Hosted Payments
If any of your customers just need a simple and secure way to accept payments on their website, consider implementing Hosted Payments. It allows them to quickly and easily turn their website into a convenient place for their customers to pay for goods and services from their desktop, phone or tablet without the embed payments software.
Hosted Payments adds a simple “Buy Now” or “Pay Now” button to a website that automatically redirects customers to a secure billing page where they enter their payment information. PayJunction’s Hosted Payments allows merchants to add a logo, customize the color palette, and specify information to collect.
Since PayJunction hosts the secure payment form, the sensitive payment information never passes through your website or servers. Therefore, all the data collected remains outside of PCI scope, which means the business will typically qualify for a simplified PCI DSS compliance validation process.
Hosted Payments is a standard feature that is available for all PayJunction customers. It is simple to set-up and offers options for collecting e-commerce payments via a shopping cart or collecting outstanding balances for invoices.
No matter which method you choose, you can rest easy knowing that the sensitive payment details collected are secure, and that your customers and their customers are protected.
Interested in Javascript Tokenization?
Software vendors new to PayJunction can get started by requesting an application key and noting interest in JavaScript Tokenization in the form details. If your software is already integrated with PayJunction, simply request a publishable key for tokenization.
Still have questions? Leave a comment below, we’d be happy to discuss more with you.