At IndieMe our goal is to always look to the future, bringing our members the most up to date software and processes available. We have looked at the most modern way of processing the orders you place with your credit card on the IndieMe Marketplace, and we are announcing that as of today, we are using a new tokenized system to store credit card data. This data will be stored with our merchant services gateway provider Cliq, a PCI Level 1 Compliant provider.
Being a merchant yourself you understand the need to keep your customers credit cards secure and safely stored. With browsers now able to store personal credit cards and smart phone credit card wallets, we no longer feel that storing and encrypting credit cards on our database is a viable option.
New technology is now embracing tokens for credit card storage. Tokens replace the full card number with a randomly generated number or ‘token’. This token is then called upon by the artist at the time they are ready to process payment on your order. The artist never sees the card number – only the last 4 digits so you never have to worry who has access and who is viewing your card numbers.
We have introduced to our artists IndieMe Pay, a merchant services gateway using tokens to store credit card data and allowing our artists to process your payment on orders placed through the IndieMe Marketplace. For those artists who are using IndieMe Pay, you will see the option ‘Card Charged when Shipped’ both on their store and during checkout where you will be permitted to enter your credit card or eCheck. Your card or eCheck data will be tokenized and the artist will call upon that token when ready to make the payment. Again, no one will EVER see your card or check information!
If the IndieMe artist does not use IndieMe Pay you will see their specific options on their store and during checkout. If they do not use IndieMe Pay you will not be asked for your credit card or eCheck information during checkout. The artist will need to contact you directly to get your payment information or, if they use PayPal, ask you to login and make the payment.
WHAT IS TOKENIZATION?
Tokenization replaces credit card data when entered into a web form with a unique generated placeholder, commonly referred to as a token. Tokens have no meaning by themselves and are worthless to criminals if a company’s system is breached in any way. For example, if someone’s actual credit card number was 4756 5233 7856 2587, when the token is generated it might become FEX8412WPLK458. This token is randomly generated instead of using an algorithm so there is no way to regain the original card number — the bad guys can’t reverse-engineer the actual credit card number, even if they were to grab the tokens off the servers.
Tokenization can be done in-house or outsourced. IndieMe has decided to outsource our tokenization to a merchant services company named Cliq. Outsourced tokenization to CLiq eliminates the card data from the IndieMe Marketplace and moves it to the token vault stored by Cliq, who is PCI Level 1 Compliant.
When it is time to process the payment, the gateway sends the token to the token vault to retrieve the card data and forward it to the network for authorization. This ensures all IndieMe buyers card data is securely stored offsite.
We strongly believe this will provide a sense of relief to our buyers and our artists knowing cards are safe and the marketplace is utilizing the most up to date method of handling this sensitive data.