The present invention relates to secure payment methods and systems. More particularly, the present invention relates to methods and systems to allow merchants to perform payment processing such that a customer can securely provide sensitive payment data to a merchant and the merchant is not required to store the sensitive payment data to perform a payment processing transaction.
In purchasing transactions, various restrictions are placed on merchants to ensure that encrypted payment device data is protected from potential fraudulent activity. Such restrictions can increase the administrative cost of performing purchasing transactions. For example, PCI DSS is a set of standards relating to, among other things, the security of customer identification data (e.g., credit card numbers, identification data, etc.) held by merchants that accept credit card payments. Becoming and remaining PCI-compliant represents a significant expense to many merchants in terms of both infrastructure costs and initial/ongoing auditing costs. Estimates of the cost for large companies to implement these standards on their existing point of sale systems range from hundreds of thousands to millions of dollars. Thus, it would be advantageous to provide merchants with systems and methods that enable them to perform payment processing requests without being required to be PCI-compliant. PCI compliance is only one example of a restriction that can be placed on a merchant to protect encrypted payment device data; it defines particular steps that a merchant must take to ensure that customer identification data is securely maintained. However, there may be other regulations that define other types of data that a merchant must secure or that limit the merchant's distribution of data. Thus, it would be desirable to provide merchants with systems and methods for greatly reducing the cost of complying with these various regulations.