GXS Cloud Tokenization Solution Certified to Protect Cardholder Data
GXS, a leading provider of B2B integration services, today announced that it has received Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 Attestation of Compliance for its PCI Gateway Cloud Tokenization service. To receive PCI DSS 2.0 compliance, GXS policies, procedures and technical systems were reviewed by a third-party auditor, AT&T. The security assessment included on-site validation of network security, cardholder data protection, vulnerability management, access control measures, network monitoring and information security policies.
“Achieving PCI compliance was a high priority for us. Use of card-based payments for Business-to-Business (B2B) transactions has increased significantly in recent years," said Patricia Hines, director of financial services industry marketing at GXS, “But, the growth can only continue if B2B networks can support the highest industry standards to protect cardholder data.”
The GXS Cloud Tokenization Solution accepts transactions and replaces personally identifiable information, such as card numbers, with a secure “token,” a randomized string of unidentifiable characters. The transaction with the token is then sent to be processed. One of GXS’s premier Cloud Tokenization customers is Infor, the world's third largest supplier of enterprise applications and services. Using GXS, Infor is able to offer a safe, reliable way of handling confidential data and ensure PCI compliance for its customers.
The PCI Security Standards Council released PCI DSS version 2.0 to provide greater clarity and flexibility and facilitate an improved understanding of the requirements and eased implementation for merchants. The PCI DSS 2.0 standard comprises a minimum set of requirements for protecting cardholder data. The standard applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data.