Overview
The VGS Show.js JavaScript library enables you to securely display sensitive data in a webpage while safely isolating that sensitive data from your systems and any 3rd party scripts. This enables you to instruct VGS to securely share data directly with your users while limiting your data security compliance burden.
VGS Show.js injects a secure iframe into your HTML. Very Good Security hosts this iframe so that you can utilize this iframe to selectively display sensitive data to your users while only handling non-sensitive aliased data on your servers. Very Good Security hosts both the iframe and the data on secure, compliant servers.
You can use VGS Show.js to present a complete card—including individual elements like the PAN, expiration date, and CVV.
At the end of the guide, you should understand:
How to integrate with VGS Show.js
How to authenticate and return an alias when the user requests the data
How to inject the VGS Show.js iframe into your webpage
Prerequisites
Obtain an existing VGS alias for some data
Ensure you have an inbound route set up that will de-alias the sensitive data on the response phase of the request
A note about data security compliance
Companies that store, transmit, or process sensitive card data, including the primary account number (PAN), expiration date, and card verification value (CVV2), must comply with the Payment Card Industry Data Security Standard (PCI DSS).
Achieving PCI DSS certification without Very Good Security is both time-consuming and expensive. VGS Show.js offloads the PCI compliance burden (for certain use cases) by enabling the encrypted transmission of sensitive card data from Very Good Security directly to your cardholder or a PCI-compliant processor. Very Good Security is fully PCI-Level 1 compliant and handles sensitive card data transactions for you so that your servers never store, transmit, or process the card data.
Secure data flow
The following diagram describes how Show.js injects an iframe into your application:
What's next?
Last updated