This invention relates to online transactions, and more particularly, to ways to help secure sensitive user data during online transactions.
Online transactions such as purchase transactions often require that a user divulge sensitive information to an online merchant. For example, a user who is purchasing a product from a merchant is typically required to provide a credit card number and other information related to the transaction. This information is generally uploaded to the merchant using a secure web link. The merchant then submits the credit card number to a credit card processor. The credit card processor checks whether the credit card number is authorized. The merchant may then complete the purchase transaction.
Merchants who accept credit card transactions via online e-commerce websites are subject to a long list of requirements outlined in the Payment Card Industry (PCI) Data Security Standards (DSS). To demonstrate compliance with these standards, merchants are often required to submit to annual PCI audits. Ensuring compliance with PCI standards can therefore be burdensome to merchants.
It would be desirable to be able to provide a way in which to ease the burdens associated with compliance with Payment Card Industry Data Security Standards while ensuring that purchase transactions are secure.