This invention relates generally to a method and system for providing website hosting security, and more particularly to a network-based system and method for providing security to websites hosted by an application service provider, wherein the application service provider hosts a plurality of websites for customers and stores user information in a single repository for a user having accounts with one or more of the customers.
Financial transaction cards have made great gains in the United States as a means to attract financial accounts to financial institutions and, in the case of credit cards, as a medium to create small loans and generate interest income for financial institutions. Nonetheless, the financial transaction card industry is subject to some problems.
Financial transaction cards are frequently utilized as the payment medium when a consumer makes an online purchase. Websites of online sellers are typically hosted by an application service provider. The application service provider may host websites for multiple online sellers. Typically, the consumer has to register with the seller, and this is generally done by providing information such that an account for the consumer is created at the application service provider. Oftentimes, when registering with the seller, the consumer will provide a transaction card number that will be utilized for current and/or future purchases. The application hosting industry is not limited to the buyer and seller example described above. By way of further example, users of financial transaction cards are often able to register online to view statements, pay bills, and the like. A similar application is where a user can access their bank balances and make other transactions with their financial institution.
At least one known example of an application service provider hosting a website includes an application service provider hosting a website for Customer A and Customer B. Customers A and B might be retailers, as one example, in which case they would have customers, referred to as “users” herein. Accordingly, Customer A would have users that have accounts with Customer A, and Customer B would have users that have accounts with Customer B. Certain individual users will have accounts with both Customer A and Customer B. Currently, to keep data associated with users unique and secure, the application service provider maintains two different data repositories for user information, one data repository each for Customer A and Customer B.
In order to maintain PCI compliance (e.g., Payment Card Industry Data Security Standard (PCI DSS) compliance), when User A logs into either Customer A's website or Customer B's website, both hosted by the single application service provider, the application service provider has to store the user information for User A in separate repositories, even though User A may utilize the same user ID and password for both their Customer A account and their Customer B account. One problem with this model is that the solution requires dedicated electronic hardware and/or dedicated software repositories for each of the user IDs associated with a single user.
Accordingly, a system and method for managing accounts at the application service provider level is needed so that repetition and duplication of account information is avoided while still remaining PCI compliant.