We are considering the implementation of a credit card tokenization system to support Payment Card Industry Data Security Standard (PCI DSS) compliance. For our environment, tokenization would ease compatibility with interconnected systems, whereas encryption would be much more challenging. However, does tokenization guarantee that we'll be able to scope out systems that would otherwise have to receive card data?