This week we will talk about something very, very interesting and for us nerds out there, very exciting. We’re going to talk about credit card encryption and tokens. The reason that this is important is there are a lot of eCommerce sites out there where over 50, 60 70% of the revenue comes from reoccurring sales. A recurring sale might be a subscription box similar to BarkBox or similar to some other solutions.
You might have an eCommerce site on BigCommerce, Shopify, or Volusion while selling products ala cart. But you might also have that subscription method. if I want to get some vitamins from Vitamin Shoppe, it allows me to actually place orders and have a specific vitamin or multiple vitamins shipped to me on a monthly or biweekly basis. Now when this happens, there is a technology that happens in the background, which is you have to store the credit cards and you have to tokenize the credit cards.
We’ve been getting a lot of requests from clients who want to migrate from one platform to another: Volusion to BigCommerce or Shopify to BigCommerce or Magento to Shopify. And everything is okay, they can do the migration, but they’re getting stuck with migrating these tokens. So we’re going to talk about the two types of credit card storing technologies today and we’re going to talk about how we can migrate this technology.
What is the Difference between Credit Card Tokenization and Encryption?
When we talk about these credit cards and how these credit cards are stored, are two ways. Can you tell us more about this?
You can either encrypt them into your system or tokenize the credit cards. When we are tokenizing the credit cards, you need to use a payment provider like Worldpay or there are a bunch of other payment providers out there like Authorize.Net.
The tokenized credit cards are handled by the payment provider. However, if you are storing the credit cards in an encrypted fashion, solutions are out there. PCI compliant platforms like Volusion, BigCommerce, and Shopify actually handle this for you. Then it gets a little complicated because there are two types of recurring credit cards you can have.
One, you can have a recurring product or reoccurring order. The challenge comes when a platform like Volusion really handles recurring orders, not products, and a solution like BigCommerce can handle recurring products and recurring orders.
These platforms cover different scopes. Because if I am buying only one product on Tuesday the 19th, that charge is going to hit me every 30 days. If I’m buying another product now on the 22nd, however, does the token or encrypted credit card merge those two products into one order? Do I treat it as separate products?
Challenges of Encrypting Credit Card and Payment Information for eCommerce: PCI Compliance, GDPR, and Platform Migrations
This is a business decision for many eCommerce companies out there. When we’re dealing with a platform, if you’re encrypting credit cards, you want to make sure that wherever you are encrypting or wherever you’re storing those credit cards is PCI compliant.
In our research, we see that ninety percent of the people who actually encrypt these credit cards are not PCI compliant. They are breaking the law and they are actually prone to getting fines from Visa, MasterCard, or American Express because they have a lot of security issues on their systems because they are not PCI compliant.
Other compliance issues like GDPR are a concern. You have to let the client or your customer know that you’re encrypting these credit cards. We’ve worked on some projects migrating these credit cards and these tokens.
What is the biggest issue, regarding client concerns?
Many people don’t have their credit cards tokenized. They’ll have it encrypted, so the challenge comes to taking this encrypted information and tokenizing it so that they’re compliant with PCI.
Why Does Payment Tokenization Matter for eCommerce Companies?
Why is it important to tokenize? Is it only for PCI compliance or does it actually make the process a little bit more efficient when you’re going through the ordering process?
It’s both, definitely. Not only does it make you PCI compliant, but it also gives you a lot more freedom when it comes to adding products to your subscription. So think about BarkBox or think about Dollar Shave Club, it’s a recurring charge, but you can add and remove products at will from the customer’s side.
Consider that BarkBox does over a hundred million dollars and Dollar Shave Club is a billion-dollar company. How can small and medium-sized businesses actually afford to do this? That’s where Optimum7 comes in; we have the right processes and the technologies to actually assist our clients to migrate these tokens or create them from encrypted credit cards.
Data Tokenization Solutions
The method for this is really simple. We have to take every single detail for the order: the customer’s given name, surname, customer address, and zip code. Then we need to get the products that are currently on an existing recurring subscription. We need to see if they’re tokenized, what percentage of it is tokenized, what percentage of those orders are encrypted credit cards, and then build a plan.
We take the entire information in XML CS3 format and push it through the API into the payment provider. In Worldpay, as an example, the payment provider is API. We take those encrypted credit cards, the product information, and the date that that order or that product is supposed to renew every month to be shipped again.
Once the data is collected, we push it to the Worldpay API or the payment provider API and we tokenize these. Now, once we tokenize these, then we import the tokens into the eCommerce platform. Each could be BigCommerce, Volusion, Shopify, Magento, the enterprise like Demandware, SAP Hybris, Episerver.
Whatever solution they have as an eCommerce platform, we just import those tokens, so that way, now under their account pages, similar to BarkBox and Dollar Shave Club. Then your users or the client’s users can log in and manage the account. They can cancel, pause, or add a product to their subscription and not have to worry about getting billed five times. If you have five products and you started those subscriptions on different dates, you don’t want to get billed five times on different dates in a month. The token will prorate it for digital products or for SAS companies.
Other Benefits of Credit Card Tokenization for eCommerce Businesses
With eCommerce, it’s essential to have your orders and the encrypted credit card’s tokenized to make them secure and PCI compliant. You’re not storing any of this information, so you are not liable if something goes wrong.
As an added benefit, tokens are not transferable just like credit cards. I can have your credit card and I can spend it on whenever I want, but you can’t just take a token and charge it to something else.
Challenges and Concerns Regarding Tokenization
This is why we want them to tokenize. So when we talk about clients like this though, Carlo, there are a lot of clients we have that don’t really want to tokenize. What is the concern that they have?
The problem with this is really data loss or that’s the real fear that’s coming from these clients. I mean, you have a ton of information, sensitive information from the clients, the information about the orders, where they’re coming from-
With the data, they don’t really want to rock the boat here. Sometimes there are millions of dollars at stake here. One false move, and you could be losing a ton of sensitive data that’s valuable to your business.
Migrating eCommerce Platforms with Encrypted or Tokenized Credit Cards
If an eCommerce platform is not working for you and you’re trying to migrate but you have a ton of existing encrypted credit cards or tokens in that platform, clients are scared to migrate it into another platform. And what we’re saying is don’t be scared, this process is actually pretty straightforward. Here are the companies that we would need to contact.
We need to have access to your payment providers, like Worldpay or a third party who might be handling your recurring payments, like Bold Commerce. Then we’ll ask which platform you’re going to, say if you’re migrating from Volusion to BigCommerce.
The last thing is we need to know your entire order process. We need to look at your customers, order dates, and their subscriptions. This is very important. Did you base your recurring business on recurring products, recurring orders, or both? As long as we have this information, it’s actually pretty straightforward to migrate from one platform to another platform. As a result, we find it very easy to tokenize your existing encrypted credit cards.
There are some clients that we see that they store credit cards and they’re not even encrypted. This lack of security puts you in a vulnerable situation. If you have any questions, anything else about tokenizing or encrypted credit cards, we’re happy to assist you. We’ll talk to you guys next week.
Migrating eCommerce Platforms? Don’t lose your client’s payment information
