Seamless payments, ironclad security: Get the best of both

September 01, 2020
5 minute read
Carl Tucker
Bryan Carroll
Cybersource | Director, Product Management

For eCommerce developers, payments present interesting challenges, like keeping customers’ sensitive payment card data secure through the entire transaction process.

Managing customer payment information

How do you manage the risks of storing payment information on your own systems—where one data breach could cause serious damage to your business? And how do you maintain the security and PCI compliance your business requires—while still offering your customers the frictionless and convenient payment experiences they expect?

To tackle these issues, many eCommerce businesses are teaming up with third-party payment providers that can step in and capture sensitive payment data during the checkout process, encrypt and transmit it safely, and store it securely. This approach makes sense because it shifts the burden and risks of handling sensitive payment card data to a trusted provider that already has the technology infrastructure, advanced security capabilities, and payment expertise in place to keep it all secure.

However, as with most good ideas, the details matter. For example, you can’t afford to disrupt or complicate the final step in your customers’ shopping experience by shuffling them off to a clumsy, externally hosted payment form that feels off-brand or cobbled together, no matter how secure it is. In an environment where your customers’ expectations are sky high (and rising), you have to maintain control over every part of their shopping experience—including payments—even when you work with outside providers.

Introducing Flex Microform: We're here to help

Flex Microform gives you an easy, invisible way to protect your customers’ payment data from man-in-the middle, payload injection, and other advanced attacks.

Flex Microform allows you to embed custom card information fields directly into your existing checkout page. These fields are actually hosted by Cybersource, so when customers enter their card payment data and click submit, their sensitive payment data is encrypted, sent directly to the Cybersource payment gateway and tokenized, without ever coming into contact with your eCommerce platform.

Flex Microform only hosts the specific fields that contain sensitive payment data (usually the PAN and CVV fields), and those fields are fully customizable. That means your customers never have to see or interact with an external payment form, and you always maintain total control over their checkout and payment experience. And you still gain access to all of Cybersource’s advanced security capabilities and benefits.

And that’s a long list. With Flex Microform, sophisticated transportation security encrypts your customers’ payment information before it’s transmitted to the Cybersource payment gateway via HTTPS. Short-term and mathematically irreversible tokens, CVV capture, signature-verified interactions, and many other advanced features keep that customer payment data secure throughout the entire payment process. And tokenized payment information is always stored in Visa’s secure data centers and processed through the Cybersource secure payment gateway—totally independent from your own ecommerce platform.

World-class payment security with zero customer impact

When you put all these pieces together, Flex Microform gives you an easy, invisible way to protect your customers’ payment data from man-in-the middle, payload injection, and other advanced attacks. It reduces your PCI DSS scope and can eliminate the risks of storing payment data on your own eCommerce systems. And it does all those things without ever forcing you to compromise on the shopping and payment experiences you offer your customers.

Visit Flex Microform in the Cybersource Developer Center to learn more about how Flex Microform can bring payment security to your eCommerce business—without ever slowing you down or getting in your way.