Following standards set by Recurly, Simple Renew implements a system for using encrypted billing tokens.
"Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system."
- Wikipedia, "Tokenization (data security)"
This prevents any sensitive financial data from passing through the server on which Simplerenew is running. It also limits the need for users of this application to go through any additional PCI certification, as handling that data is the responsibility of the gateway provider (Recurly).
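One way to verify on the server that only a token arrives, shown as an added example (not Simplerenew's or Recurly's code): a guard that accepts a billing form post only when it carries a token and nothing that looks like card data. The field name `billing_token`, the function names and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: server-side guard for a tokenized billing form.
// TOKEN_FIELD is a hypothetical field name, not taken from Simplerenew or Recurly.
const TOKEN_FIELD = 'billing_token';
const CARD_FIELD_NAMES = /(card|cc)[-_ ]?num|cvv|cvc/i;

// Luhn checksum: true for digit strings that pass the card-number check.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when a value contains 13-19 digits (spaces or dashes allowed) that pass Luhn.
function looksLikePan(value) {
  const candidates = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some(c => luhnValid(c.replace(/[ -]/g, '')));
}

// Inspects a parsed form body (plain object) and returns { ok, token, violations }.
function checkBillingPost(body) {
  const violations = [];
  for (const [name, value] of Object.entries(body)) {
    if (name === TOKEN_FIELD) continue;
    if (CARD_FIELD_NAMES.test(name)) violations.push(`card-like field name: ${name}`);
    if (looksLikePan(value)) violations.push(`card-like value in: ${name}`);
  }
  const token = body[TOKEN_FIELD];
  if (typeof token !== 'string' || token.length === 0) violations.push('missing token');
  else if (looksLikePan(token)) violations.push('token field contains card-like value');
  const ok = violations.length === 0;
  return { ok, token: ok ? token : null, violations };
}

// Constructed sample requests; 4111 1111 1111 1111 is a widely used test number.
const good = checkBillingPost({ billing_token: 'tok_constructed_123', plan: 'basic' });
const bad = checkBillingPost({ billing_token: 'tok_constructed_123',
                               card_number: '4111 1111 1111 1111' });
console.log(good, bad);
```

A request that fails this check indicates the payment form is posting card fields to the application server instead of sending them only to the gateway, so it should be rejected and logged without the offending values.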
For further reading:
- Tokenization Guidelines by the PCI Security Standards Council
- Recurly PCI Compliance (in particular the section on recurly.js)