Does storing tokens instead of card data reduce the PCI burden?

PCI Data Security Standard

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TJX should have had stronger Wi-Fi encryption, say Canadian officials

    TJX Cos. should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption, say Canadian officials. 

  • Report: Companies still stumped by PCI DSS

    A VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance. 

  • PCI DSS Requirement 1: Install and maintain a firewall configuration

    Simply installing a firewall on the network perimeter won't necessarily get you past PCI DSS Requirement 1. In this guide, Craig Norris explains the extra work that needs to be done. 

  • PCI DSS Requirement 10: Track and monitor network access

    Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can be a major drain on IT, especially when the cause of a compromise needs to be det... 

  • PCI DSS Requirement 3: Protecting stored data

    One of the biggest problems with PCI DSS requirement 3 is that merchants must accurately know where credit card data flows from its inception, where it traverses the network and resides, and what its "state" is along the way. Craig Norris explains ho... 

  • Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"

    Understanding which requirements of the "12 commandments" are the most challenging can keep your organization from wasting time, money and effort on the wrong ideas or technical implementations. In this guide, Craig Norris draws some important PCI c... 

  • PCI DSS Requirement 11: Regularly test security systems and processes

    Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals. 

  • PCI DSS Requirement 8: Assign unique user IDs to those with access

    To pass a PCI compliance audit, organizations need to be capable of verifying who is attempting access to an asset. They also must control what employees are permitted to see or modify, and do so based on their organizational role. In this PCI surviv... 

  • Guide to passing PCI's five toughest requirements

    As data security breach threats increase and the Payment Card Industry (PCI) Data Security Standard's authority continues to expand, credit card-processing companies have little choice but to implement PCI's dozen requirements. Some best practices, h... 

  • PCI Pain: Is it time for an overhaul?

    Although the intent of the PCI Data Security Standard is to protect confidential payment information and reduce fraudulent activity, the standard's high expectations have inspired security professionals to ask "Is it worth it?" In this tip, security ...