About the Company
As an international retailer of sporting goods and outdoor gear, Orvis collects sensitive personal and payment data via multiple channels to complete transactions. This can create a complex data environment that’s subject to significant risk and compliance scope, and protecting it can be difficult to manage without restricting the value and utility of sensitive data.
Product Used: Universal Tokens
Protect multiple channels
Orvis is a highly distributed organization of retail stores in the U.S. and UK. At the center are the two regional ecommerce websites for the U.S. and UK, as well as contact centers for call-in orders and email processing.
By integrating with the IXOPAY platform to accept and cleanse data before it entered its systems, Orvis was able to safely store and transmit it without increasing risk or scope.
Additionally, by routing this data through an independent third-party platform, Orvis can maintain complete control of its data and integrate easily with revenue-management services such as fraud prevention, account updater, and more.
“Really, the IXOPAY platform is designed to plug in and do everything you need it to,” Orvis Chief Information Security Officer Tyson Martin said.
Entrust your PCI to experts
As a result, Orvis reduced PCI scope by 90% unified its customer data across multiple channels and protected PII in addition to PCI. Plus, removing sensitive data from its environment enabled Orvis to better allocate its resources and focus on revenue-impacting areas.
“Our expertise is retail and customer service,” Martin said. “We don’t pretend to be able to build a totally secure system on our own. That’s where IXOPAY comes in.”
How it works
Orvis encrypts cardholder data collected from POS devices and online checkout pages before sending it to IXOPAY.
Once the data is captured, the PANs are exchanged for nonsensitive tokens that can be used for internal business operations.
When a repeat customer wants to make a purchase, Orvis simply calls IXOPAY to detokenize the PAN, and then IXOPAY passes that PAN to the appropriate processor or gateway to complete the transaction.
“We never touch any payment data in our contact centers, retail stores, websites, or in the field. That’s a big relief.”