Implementing tokenization is much more about understanding how your organization interacts with payments than it is simply rolling out a device that will tokenize payment card data. Many tokenization solutions in the market today are a “silver bullet” and can remove your environment from PCI scope. Beware though, most solutions address only one piece of the tokenization puzzle.Read more
Don’t be fooled. Implementing tokenization may not be as easy as they say. In fact, depending on your environment, implementing tokenization can be quite complex. For instance, if your company is a wholesaler and takes payments through multiple channels, implementing tokenization in all of those channels can be quite challenging.Read more
How do you know if Tokenization is the right data security solution for your environment? Depending on how sensitive data flows throughout your environment, integrating a tokenization solution may not be the right solution. For instance, tokenizing a very small environment does not make sense if point-to-point encryption can provide the necessary means for data protection. Conversely, tokenization can drastically reduce, if not eliminate, a majority of your environment from PCI Scope.Read more
Right now two things keep me from getting a good night’s sleep:
The first – the anticipation of whether we’ll experience another earthquake in Oklahoma.
The second – the explosion of transmittal of electronic medical records (EMR) across the Internet.
Read more
In case you missed it, the PCI Security Standards Council (SSC) published the initial release of the much anticipated Point-to-Point Encryption Solution (P2PE) Requirements document last month. Many of you are probably asking, “Why do I care?” – a good question in a day and age with so much information and noise. If you’ll allow me, I’d like to answer two better questions! But first, to answer, this document is significant because it is at the heart of the fiery topic of PCI scope.Read more
