Radial Client-Side Encryption (CSE) with Tokenization

Here’s how it works:

  1. Install a small JavaScript (JS) file on your web storefront
    • This is simple to do. As a result, you don't need to store any sensitive data on your servers, which significantly reduces PCI scope.
  2. Sensitive information entered by the shopper is encrypted directly in the browser, specifically:
    • The raw card number (a.k.a. PAN) and the CVV
    • No other data is "client-side" encrypted directly in the browser. However, other data (such as expiration date, billing address, etc.) is still encrypted in the communications channel (HTTPS).
  3. Sensitive data received by Radial is stored fully encrypted in Radial's systems.
    • Radial decrypts the data and sends it to the payment provider as part of the payment authorization.
  4. A token is then created for you to use forever.
    • The payment provider responds to Radial using tokenized data.
    • Radial stores the tokenized data in a highly encrypted vault, using rotating keys.
    • The token is used for all transactions from that point forward, and is valid forever.
    • If you want to store the card in the customer's webstore account, simply reference the token for all future purchases.
  5. Result: your PCI burden is now reduced, down to SAQ A-EP.
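
A check a merchant can run on its own server to confirm the integration behaves as steps 1 and 2 describe: no request body reaching the storefront should carry a raw PAN or CVV. This is an added example, not Radial's code or part of the original page; the field names (encryptedPan, encryptedCvv, cardNumber and so on) and the sample bodies are assumptions made for illustration.

```javascript
// Added example. Field names are hypothetical, not Radial's API.
const ENCRYPTED_FIELDS = new Set(["encryptedPan", "encryptedCvv"]);
const CVV_KEY = /^(cvv2?|cvc2?|cid|securityCode)$/i;
// 13-19 digits, single spaces or dashes allowed, not part of a longer digit run.
const PAN_SHAPE = /(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/g;

// Luhn checksum: separates real card numbers from order IDs and the like.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}
function containsPan(text) {
  const runs = text.match(PAN_SHAPE) || [];
  return runs.some((run) => luhnValid(run.replace(/[ -]/g, "")));
}

// Walk a parsed request body; return one finding per path holding cleartext card data.
function findCleartextCardData(value, path = "", findings = []) {
  if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      findCleartextCardData(child, path ? `${path}.${key}` : key, findings);
    }
    return findings;
  }
  const key = path.split(".").pop();
  const text = String(value);
  if (ENCRYPTED_FIELDS.has(key)) {
    // A digits-only value in a ciphertext field suggests CSE did not run.
    if (/^[\d -]+$/.test(text)) findings.push(`${path}: not encrypted`);
  } else if (containsPan(text)) {
    findings.push(`${path}: cleartext PAN`);
  } else if (CVV_KEY.test(key) && /^\d{3,4}$/.test(text)) {
    findings.push(`${path}: cleartext CVV`);
  }
  return findings;
}

// Constructed sample bodies (4111... is the well-known Visa test number).
const CLEAN_BODY = {
  encryptedPan: "q1ZKSc7PS0nNK1GyUkpUqgUA", encryptedCvv: "c2FtcGxlLWJsb2I=",
  expiry: "12/2030", orderId: "1234567890123456", billing: { postalCode: "00000" },
};
const LEAKY_BODY = { encryptedPan: "4111111111111111", card: { cardNumber: "4111 1111 1111 1111", cvv: "123" } };
console.log(findCleartextCardData(CLEAN_BODY), findCleartextCardData(LEAKY_BODY));
```

Any finding means card data reached the merchant server in the clear; the 16-digit orderId in the clean body shows why the Luhn test is needed to avoid false alarms.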