Secure Profile Storage

With Admeris Secure Profile Storage (SPS), merchants can remotely store credit card and other sensitive customer data with Admeris to increase security and reduce the scope of Payment Card Industry Data Security Standard (PCI DSS) compliance.

• What is PCI Compliance? How Does it Affect Me?
• How Admeris Secure Profile Storage Helps With PCI Compliance
• How Secure Profile Storage Works
• Storing Data via Silent Redirect

PCI DSS Compliance is an industry-mandated security standard that applies to all businesses that handle, process or store credit cards. It details how such data should be handled, stored, transmitted, and protected.

If a merchant is breached, and it is found that said breach occurred due to failure to abide by PCI DSS, they can be fined (size of fine depends on size of breach).

To achieve PCI Compliance, a merchant is required to implement controls according to the standard, then submit their systems to an PCI audit. The scope and associated costs of the entire process depends on how involved the merchant is with the card data. Reduce the merchant's involvment, and responsibility under PCI will be be reduced as well.

The PCI DSS in its entirety can be found at https://www.pcisecuritystandards.org/.

Many merchants wish to make the customer shopping experience easy, especially for repeat customers. A common feature offered is a 'stored profile' that a customer can access with an account login, allowing the customer to save preferences and payment method data.

However, when a merchant stores or handles sensitive data such as credit card numbers, they are subject to far more of the PCI DSS rules than a merchant who does not store that data. The cost to implement and certify the merchant's website can be prohibitive.

Admeris Secure Profile Storage allows you to keep and use sensitve data - without it even entering your system. That way you can eliminate the PCI compliant storage problem altogether.

Click to Enlarge

When information is stored with Admeris, a "Token" (which identifies the information in secure storage) is returned in response. This storage Token can be used in the same manner as an actual credit card for all subsequent transactions including purchases and recurring billing. When presented with a Token, the Admeris Payment Gateway knows to look up the associated credit card from storage and use it in the transaction.

Potential thieves cannot use Tokens because they do not contain any card data. They are safe for the merchant to store and will not incur any of the risks associated with storing real credit card data.

Admeris Silent Redirect transmits card data to Admeris in the background and only returns the results of a transaction to the merchant via a 'silent redirect'. Silent Redirect allows you to process payments and store profiles without sensitive data ever entering your servers. At the same time, you retain full control over the look-and-feel of your pages as well as the stored data.

Using SPS with Silent Redirect, the scope of PCI Compliance is greatly simplified - making compliance faster, easier, and much more affordable.

» Back to the Top

» Return Home