The ability of OpenText™ Alloy™ to interrogate purchase orders for specific information met the pharmaceutical manufacturer’s goal of eliminating the need for annual PCI compliance audits and streamlining the process.
The pharmaceutical manufacturer’s customers sent purchase orders for the more than 10,000 products offered by the Life Sciences company directly to the company for processing, a significant number of purchase orders come with card numbers. Possession of this information resulted in annual PCI compliance audits each year, which cost money and burden staff resources.
An added challenge was finding a partner that could review purchase orders on an individual basis to determine if financial information was included, as well as working with the company’s existing tokenization provider and ordering system without investing in new infrastructure.
Filling the gaps between the tokenization provider and the pharmaceutical manufacturer required a robust, flexible solution and a partner with the ability to work with other companies to help the Life Sciences client reach the goal of moving PCI compliance outside its four walls.
OpenText™ Alloy™ helped the pharmaceutical manufacturer meet its goal.
All purchase orders are initially processed through Alloy, and each is interrogated to determine if credit card information is present. If no financial information is included, the PO is sent directly to the company for processing.
If credit card information is present, Alloy contacts the tokenization provider first for a token to be assigned. The token, along with some descriptive information, is added to the PO, which is then sent to the company. This process ensures proper payment information for all orders but removes the responsibility of PCI compliance from the Life Sciences company.
The ability of Alloy to interrogate purchase orders for specific information met the pharmaceutical manufacturer’s goal of eliminating the need for annual PCI compliance audits at the company and streamlining the process. Because Alloy is already a PCI-compliant environment and OpenText assumes the responsibility of ongoing PCI compliance, the company was then able to divert dollars and staff resources normally assigned to the audit to other mission critical activities.
Alloy supported the complex integration, enabling the receipt, interrogation and transfer of purchase orders to either the tokenization provider or the company in a seamless manner that did not disrupt the flow of orders.