Similar to VGS Collect, VGS Show (including Show.js and the VGS Show SDKs) is used to descope applications that handle PCI data from PCI scope. Any application whose code directly handles PCI data is considered within PCI scope. VGS Collect and Show descope these applications by loading the PCI sensitive data into secure iframes loaded from our PCI Level 1 environment that can be displayed in an application.
If you are a card issuer, or if you collect Credit Card data from your customers, you can use VGS Show to reveal your customer's card data to themselves. VGS Show will securely load the revealed information into our iframe, and your application and display that iframe to your customer.
If you are looking to reveal non-PCI data to your customers, you do not need to use VGS Show. You can, instead, use the inbound proxy, opting to Reveal data on the Response phase of the request, like so:
VGS Show is only to be used when revealing the customers' own Credit Card data to themselves. VGS Show cannot be used to reveal aliased credit card data collected from your customers to your company's agents. Revealing customer credit card data to one of your agents (for instance, to have them process a transaction manually), would not descope whatever application your agents are using, even if the sensitive data is in our secure iframe, because the cardholder data is being revealed to those who are not the actual cardholder.
In the event you have a flow where you need your agents to process a transaction manually, you can use the inbound proxy to alias the information from the customers, and have your agents use the outbound proxy to send the aliased data to whatever upstream that data needs to go to, revealing it on the request phase to the PCI compliant 3rd party.