Exploring Card Data Security
Summary of Exploring Card Data Security
The Card Data Security application enables organizations to comply with Payment Card Industry Data Security Standard (PCI DSS) by safeguarding cardholder data. It utilizes a tokenizer service to replace sensitive information, such as Primary Account Numbers (PANs), with non-sensitive tokens during dispute workflows, thereby reducing the risk of data breaches. This application allows for the secure handling of sensitive data as it enters and exits your ServiceNow instance.
Key Features
- Built-in Tokenizer Service: Provides vault and schemas for storing sensitive data securely.
- Connection and Credential Management: Supports user roles and authorization, with configuration options for Visa Resolve Online (VROL) and Mastercom.
- Seamless Passthrough Integration: Facilitates API request and response exchanges while tokenizing and detokenizing data.
- Document Management: Allows for the secure storage of documents from VROL and Mastercom in the tokenizer vault.
- PAN Visibility Options: Enables users to view full PANs or only the last four digits in dispute workflows.
- Document De-identification: Offers the ability to redact sensitive information in stored documents, requiring administrator setup.
Key Outcomes
Implementing Card Data Security supports PCI compliance, enhancing operational efficiency in dispute management while securing sensitive financial information. By tokenizing card data, organizations can effectively manage disputes without risking exposure of sensitive data, thereby ensuring a more secure transaction process.
Learn more about Card Data Security and how it can be used to tokenize sensitive card data, display and mask Primary Account Numbers (PANs), and manage sensitive attachments for Dispute Cases and Dispute Transactions.
Card Data Security overview
The Card Data Security application helps organizations adhere to Payment Card Industry Data Security Standard (PCI DSS) requirements by protecting cardholder data. It provides a tokenizer service that substitutes sensitive data in dispute workflows—such as Primary Account Numbers (PANs) and documents—with non-sensitive equivalent values called tokens.
Using tokens prevents sensitive data from being stored on a ServiceNow instance, minimizing the impact of a data breach.
You can configure data to be tokenized as it enters your ServiceNow instance, and have it restored to its original value when it is sent to Third-Party Systems.
(Disclaimer: This application enables data tokenization capabilities for Dispute Cases and Dispute Transactions.)
Value of Card Data Security
The PCI Data Security Standard requires organizations processing payment card transactions to implement proper security measures. Systems that handle sensitive financial information, such as payment card data, must meet PCI standards to safeguard payment information and reduce the risk of data breaches and fraud.
- Card dispute flows may store, process, or transmit physical card details.
- Card dispute case logs may contain sensitive data.
- Card dispute flows integrate with card networks that transmit card data in their responses.
- Merchants may submit evidence that contains sensitive data, such as screenshots, receipts, or statements.
Card Data Security provides a secure, PCI-compliant vault for sensitive payment information, while allowing FSO users to maintain operational efficiency in dispute management processes. Whether your organization falls under PCI Level 1 reporting requirements or operates at lower transaction volumes, Card Data Security can help maintain PCI compliance while streamlining financial services operations.
Use cases
Card Data Security can support dispute management scenarios such as:
- Creating a dispute case by entering secure card data
- Enhancing an investigation workflow by displaying card information
- Document management for PCI-compliant file handling
Features
| Feature | Description |
|---|---|
| Built-in tokenizer service vault and schemas | Card Data Security includes schemas to support storing card details and sensitive documents in the tokenizer service vault, so that PANs and sensitive data are not stored in ServiceNow. |
| Manage connections and credentials | Supports defining service accounts, user and role management, and context-aware authorization. Card Data Security provides connection aliases for Visa Resolve Online (VROL) and Mastercom that can be configured to your workflow's requirements. |
| Seamless passthrough integration | The Card Data Security tokenizer service passes through API requests from ServiceNow and responses from card networks, while tokenizing and detokenizing data as required. |
| Tokenize and detokenize PANs in VROL and Mastercom requests and responses | Use included VROL and Mastercom connections, or upload and configure other connections for the tokenizer service. |
| Store inbound documents from VROL and Mastercom in the Card Data Security tokenizer service vault | Sensitive documents sent from VROL and Mastercom are kept in the tokenizer service vault, preventing PCI data from being stored in a ServiceNow instance. |
| List and download documents stored in the Card Data Security tokenizer vault | At the transaction level of a card dispute, use the Attachments contextual side panel to view a list of documents stored in the tokenizer service vault, or download documents to your device. |
| View and mask PANs in card disputes | Show the full PAN or only the last four digits in the dispute workflow. |
| Card Data Security container for entering PANs | Use the Card Data Security container to integrate PAN entry in your disputes workflow. Note: This feature is not pre-configured for the card disputes workflow and requires additional setup by an administrator. |
| Document De-identification | Redact predefined entities in images and PDFs. Note: This feature is not pre-configured for the card disputes workflow and requires additional setup by an administrator. |
Passthrough Integration Workflow Example
See how PCI data is tokenized and detokenized with Card Data Security when communicating with card networks.
- In a dispute intake workflow with a financial account number, a card network API request is sent.
- The Card Data Security tokenizer service passes through the request to the card network.
- The card network sends a response containing PCI data (such as a PAN).
- The Card Data Security tokenizer service replaces the PAN with a token value and sends the token to the dispute workflow.
- In a dispute intake workflow, a card network API request is sent containing the tokenized data.
- The Card Data Security tokenizer service receives the request and substitutes the tokenized data with the PCI data (such as a PAN). The request containing the PAN is sent to the card network.
- The card network sends a response.
- The Card Data Security tokenizer service passes through the response to the dispute workflow.
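The two passes described above, as an added sketch that is not ServiceNow's tokenizer code or API: a card network response is tokenized before it reaches the dispute workflow, and a later request carrying the token is detokenized on its way out. The in-memory vault, the `tok_` token format, the regex-plus-Luhn PAN detection, and every function name are assumptions made for illustration; the sample PAN is a constructed test value.

```javascript
// Added illustration; token format, PAN detection and all names are hypothetical.
const { randomBytes } = require('crypto');

const vault = new Map();      // token -> PAN, held only by the tokenizer
const panToToken = new Map(); // PAN -> token, so one PAN maps to one token

// Luhn check reduces false positives on other 13-19 digit strings.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

function tokenFor(pan) {
  if (!panToToken.has(pan)) {
    const token = 'tok_' + randomBytes(12).toString('hex');
    panToToken.set(pan, token);
    vault.set(token, pan);
  }
  return panToToken.get(pan);
}

// Apply fn to every string value in a JSON-like structure.
function mapStrings(value, fn) {
  if (typeof value === 'string') return fn(value);
  if (Array.isArray(value)) return value.map((v) => mapStrings(v, fn));
  if (value && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, mapStrings(v, fn)]));
  }
  return value;
}

// Inbound: card network response -> dispute workflow (PAN becomes token).
const tokenizeResponse = (body) => mapStrings(body, (s) =>
  s.replace(/\b\d{13,19}\b/g, (m) => (luhnValid(m) ? tokenFor(m) : m)));
// Outbound: dispute workflow request -> card network (token becomes PAN).
const detokenizeRequest = (body) => mapStrings(body, (s) =>
  s.replace(/\btok_[0-9a-f]{24}\b/g, (t) => vault.get(t) ?? t));

// Agent view: last four digits only; null for an unknown token.
function maskPan(token) {
  const pan = vault.get(token);
  return pan ? '*'.repeat(pan.length - 4) + pan.slice(-4) : null;
}
```

Only the tokenizer side holds `vault`; the workflow side sees the output of `tokenizeResponse` and, for display, `maskPan`.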
Users
| User | Description |
|---|---|
| Administrator | Administrators manage the card vault table. They configure the connections and routes between your ServiceNow instance, our tokenizer service, and the third-party financial systems involved in Dispute Case and Dispute Transaction processing, such as card networks and core banking systems ("Third-Party System(s)"). They can also implement the Card Data Security container in a disputes workflow using UI Builder. |
| Agent | Agents use Card Data Security to view and reveal PANs in a transaction for a card dispute case. At the transaction level of a dispute case, agents can also view and download secure attachments sent from VROL and Mastercom in the Attachments contextual side panel. |