How do VGS Collect and VGS Show help me achieve PCI Compliance?

According to PCI DSS compliance guidelines, anything that stores or handles Sensitive Cardholder Data is considered to be within PCI Scope. All assets, including applications and databases, that can access raw cardholder data, are within scope. To make PCI Compliance a breeze, VGS has created two distinct solutions called VGS Collect and VGS Show that are designed to descope your applications from PCI DSS requirements. 

VGS Collect

VGS Collect is our solution to descoping your applications that you use to collect credit card data. While collecting card data and using the inbound proxy can descope your backend, using your own code to collect PCI data would put your front end in scope, and subject to the scrutiny and regulation of PCI QSAs. VGS Collect descopes your application by allowing you to not have to collect the data using your own code. Instead, VGS Collect loads the submission form within our own secure iframes, hosted from our PCI Level 1 environment. 

Collect.js is our solution for descoping web-based applications, and is a JavaScript library that allows you to configure how you want to render the iframes. Collect.js code allows you to define your Vault that you are collecting data into, define the fields that will collect our data, and lets you have a callback function to handle the response from your server that receives the aliased data. Collect.js also lets you format the input fields, allowing you to define things such as placeholders, masking, reading credit card types (and defining your own!) to give you control over how the input fields are displayed to your users.

The Collect SDK is the iOS and Android counterpart to Collect.js, that allows you to integrate VGS Collect seamlessly with your mobile application, without needing to use Collect.js inside of a webview. With the Collect SDK, your application has as much control over VGS Collect in your mobile application as it does with Collect.js.

VGS Show

VGS Show is the inverse of VGS Collect, allowing you to display PCI sensitive data within your applications without putting your application within scope. Similar to Collect, VGS Show also loads information into our secure iframes, only instead of loading a form to submit data, the iframes host sensitive information from our environment instead of putting it inside of yours.

Show.js is the counterpart to Collect.js, and is a JavaScript library that you can use to load PCI data into your iframes. The Show.js library allows you to format how you want PCI data to be displayed, from font, text color and size, to defining behaviors on mouseover events, formatting revealed data (ie, taking the raw pan 4111111111111111 and displaying it as 4111-1111-1111-1111), and control over how such data gets copied to the clipboard at the click of a button. All of the sensitive information and code will be hosted on VGS's servers and displayed in the iframe, from customers PANs to the copy button.

The Show SDK is the mobile counterpart to Show.js, and the Show counterpart to the Collect SDK. The Show SDK allows you to display customer card information directly to your customers on their phone, loaded securely from within the VGS PCI Level 1 environment, keeping your mobile app out of PCI scope and compliance obligations.

VGS Show is useful for displaying PCI data, and has to be enabled by VGS Support. For compliance reasons, we ask for your use case to document it for when VGS gets audited for PCI compliance. If you are looking to reveal non-PCI data to your customers, you do not need to use VGS Show, you can simply use the inbound proxy and configure it to Reveal data upon the Response phase when your servers respond to the request with VGS aliases. 


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.