Systems and methods for flexibly securing card data
A system and method for determining how much payment card data to mask or encrypt before transmitting the data to process a payment is disclosed. A non-Payment Card Industry (PCI) whitelist and/or a long Issuer Identification Number (IIN) list is received by a PIN entry device (PED). The non-PCI whi...
Gespeichert in:
| Hauptverfasser: | , , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A system and method for determining how much payment card data to mask or encrypt before transmitting the data to process a payment is disclosed. A non-Payment Card Industry (PCI) whitelist and/or a long Issuer Identification Number (IIN) list is received by a PIN entry device (PED). The non-PCI whitelist references cards not subject to industry-defined security standards such as gift cards, shopping reward cards and employee discount cards. The long IIN list references card issuers whose cards are identified by more than a PCI-defined standard number of digits. The PED acquires data from a user card, and analyses the data using at least one of the non-PCI whitelist and the long IIN list. This analysis determines a masking level based on the type of card used, and the data is transmitted to a Point of Sale (POS) client with the determined masking level. The POS client may further examine the card data for non-compliance with pre-defined criteria, and transmits the data to an external server for authorisation. Card numbers referenced on the non-PCI whitelist would not be masked or encrypted, whereas those referenced on the long IIN list would at least be partially masked. |
|---|