Available Granules

Current Processors

  • Authorize.Net
  • Elavon/NOVA
  • First Data Atlanta/Buypass
  • First Data North/CardNet
  • FirstData Nashville/Envoy
  • Global Payments
  • Payflow Pro
  • Paymentech Tampa/PNS
  • Telecheck
  • TSYS/Vital/Visanet
  • Element Payment Services
  • TrustCommerce

Resources

 

Contact Us For More Information

Partner End User

ChargeLogic Connect Secure Remote Storage

Now ChargeLogic users can get the PCI-compliance benefits of tokenization without the per-transaction fees, downgrades, or lock-in associated with third party providers. ChargeLogic Secure Remote Storage (SRS) offers a twist on traditional tokenization by delivering “side-channel tokenization”.

Without SRS, when a user keys a credit card number into a ChargeLogic field in the Dynamics NAV system, ChargeLogic securely encrypts the card number and stores it in the NAV database. By comparison, with SRS enabled, when the user keys a card number into the system, ChargeLogic makes a real-time request for a token from the ChargeLogic Connect server and stores the token. When the transaction is submitted, ChargeLogic makes another real-time request from the ChargeLogic Connect server for the card number so that it can be submitted directly to the payment processor.

The card number is never stored in the NAV database. Instead, when the card number is required for payment processor communication, ChargeLogic retrieves it, securely transmits it, and forgets it. This allows users to maintain the direct connection to their payment processors while removing Dynamics NAV from PCI scope.

ChargeLogic Connect Features include:
Hosted Orders
ChargeLogic Checkout
Gift Cards

Background on Tokenization
New technologies have been introduced in the credit card payment industry in the last few years that allow merchants to take their operations out of scope for PCI-compliance. The most popular of these technologies is called “tokenization”, which ChargeLogic has supported since version 4.00.

Tokenization providers act as a middle-man between the merchant and the processor. When a merchant performs a credit card transaction, the request goes through the tokenization provider before proceeding to the processor. When a credit card number is used for the first time, the tokenization provider creates a token that represents that number and only the token is stored by the merchant’s software. In future transactions with that card, the software simply provides the token in lieu of the credit card number and the tokenization provider replaces the token with the real card number when it communicates with the processor.

While allowing the merchant to avoid storing credit card numbers and placing themselves in-scope for PCI-compliance, most tokenization schemes have several drawbacks. First, most providers charge per-transaction fees for use of their service. These fees can quickly eat away at any savings provided by avoiding PCI-compliance. In addition, most tokenization providers do not provide support for authorization reversals, preventing payment software like ChargeLogic from adjusting authorization amounts in response to backorders or freight amount adjustments. This causes downgrades and higher processing fees.

Most importantly, however, using traditional tokenization results in “provider lock-in”.

Provider lock-in occurs when a merchant has been using tokenization and wants to switch providers. The original provider has all of the merchant’s customer credit card data stored in their system and leaving that provider means abandoning all that data and starting fresh. This can have highly negative consequences for merchants who use recurring billing, have auto-billed subscription services, or are simply used to the convenience of having customer credit cards on file.