Learning Guide

Understanding tokenization amid PCI encryption requirements

    Requires Free Membership to View

Achieving compliance with PCI DSS encryption requirements is no easy feat. However, tokenization, a growing technology that enables a token to replace a credit card number in an electronic transaction, is emerging as a useful, complementary strategy for saving time, money and turmoil during your PCI DSS compliance processes.

This mini learning guide offers a brief introduction to tokenization technology, as well as PCI DSS encryption requirements. Learn more about the future of tokenization and how the technology may help to ease PCI DSS compliance burdens.

PCI DSS compliance benefits of tokenization (see link below)
Tokenization not only helps keep confidential data out of the hands of malicious hackers, but also offers a less expensive strategy for achieving PCI compliance without adding native encryption to point-of-sale devices.

In this tip, identity management and access control expert Joel Dubin defines tokenization, examines whether it's effective and how it can reduce costs for organizations as they seek to comply with PCI DSS encryption requirements.

The future of PCI DSS encryption requirements? Tokenization for PCI DSS (see link below)
Can tokenization help reduce the scope of PCI DSS? How does tokenization make it easier to comply with PCI DSS encryption requirements?

In this tip, you will more about the future of tokenization and how the technology can help organizations supplement their compliance with PCI DSS encryption requirements by reducing the risk of unauthorized access to/breaches of information while still allowing organizations to use sensitive information to process transactions in a format they expect, with little modification to business workflows.



Tokenization and PCI compliance (see link below)
For everyone in the payment lifecycle, the sensitive data firms need to do business can be a massive liability. It must be constantly protected and monitored to prevent theft. Financial-services firms such as card issuers and acquirers have a seemingly impossible mission: they must make sure merchants protect the card data, but don't have direct control over whether merchants follow through. Enter tokenization technology.

Tokenization offers an alternative to companies struggling to get and stay compliant with the PCI Data Security Standard. In this tip, PCI DSS expert and QSA Ed Moyle explains how tokenization attempts to minimize the amount of data the business needs to keep on hand, and how tokenization can help with PCI DSS compliance woes.

PCI DSS compliance help: Using frameworks, technology to aid efforts (see link below)
The 12 Payment Card Industry Data Security Standard (PCI DSS) requirements all come with their own pitfalls and questions, often leaving security professionals frustrated with the regulation's strict guidelines, and eager to seek out advice and a little help for achieving compliance with the PCI DSS.

This mini-guide offers a variety of tips and information on how organizations can use several frameworks, technologies and standards, such as tokenization, ISO 27002, Secure Hashing Algorithm and other existing controls to help manage PCI DSS efforts and ease the compliance burden.

This was first published in March 2010

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: