This mini learning guide offers a brief introduction to tokenization technology, as well as PCI DSS encryption requirements. Learn more about the future of tokenization and how the technology may help to ease PCI DSS compliance burdens.
PCI DSS compliance benefits of tokenization (see link below)
Tokenization not only helps keep confidential data out of the hands of malicious hackers, but also offers a less expensive strategy for achieving PCI compliance without adding native encryption to point-of-sale devices.
In this tip, identity management and access control expert Joel Dubin defines tokenization, examines whether it's effective and how it can reduce costs for organizations as they seek to comply with PCI DSS encryption requirements.
The future of PCI DSS encryption requirements? Tokenization for PCI DSS (see link
Can tokenization help reduce the scope of PCI DSS? How does tokenization make it easier to comply with PCI DSS encryption requirements?
In this tip, you will more about the future of tokenization and how the technology can help organizations supplement their compliance with PCI DSS encryption requirements by reducing the risk of unauthorized access to/breaches of information while still allowing organizations to use sensitive information to process transactions in a format they expect, with little modification to business workflows.
Tokenization and PCI compliance (see link below)
For everyone in the payment lifecycle, the sensitive data firms need to do business can be a massive liability. It must be constantly protected and monitored to prevent theft. Financial-services firms such as card issuers and acquirers have a seemingly impossible mission: they must make sure merchants protect the card data, but don't have direct control over whether merchants follow through. Enter tokenization technology.
Tokenization offers an alternative to companies struggling to get and stay compliant with the PCI Data Security Standard. In this tip, PCI DSS expert and QSA Ed Moyle explains how tokenization attempts to minimize the amount of data the business needs to keep on hand, and how tokenization can help with PCI DSS compliance woes.
PCI DSS compliance help: Using frameworks, technology to aid efforts (see link
The 12 Payment Card Industry Data Security Standard (PCI DSS) requirements all come with their own pitfalls and questions, often leaving security professionals frustrated with the regulation's strict guidelines, and eager to seek out advice and a little help for achieving compliance with the PCI DSS.
This mini-guide offers a variety of tips and information on how organizations can use several frameworks, technologies and standards, such as tokenization, ISO 27002, Secure Hashing Algorithm and other existing controls to help manage PCI DSS efforts and ease the compliance burden.
This was first published in March 2010