Implementing tokenization is much more about understanding how your organization interacts with payments than it is simply rolling out a device that will tokenize payment card data. Many tokenization solutions in the market today are a “silver bullet” and can remove your environment from PCI scope. Beware though, most solutions address only one piece of the tokenization puzzle.Read more
Don’t be fooled. Implementing tokenization may not be as easy as they say. In fact, depending on your environment, implementing tokenization can be quite complex. For instance, if your company is a wholesaler and takes payments through multiple channels, implementing tokenization in all of those channels can be quite challenging.Read more
How do you know if Tokenization is the right data security solution for your environment? Depending on how sensitive data flows throughout your environment, integrating a tokenization solution may not be the right solution. For instance, tokenizing a very small environment does not make sense if point-to-point encryption can provide the necessary means for data protection. Conversely, tokenization can drastically reduce, if not eliminate, a majority of your environment from PCI Scope.Read more
Today, the PCI SSC finally released tokenization guidelines. Nothing too surprising in the guidelines, but they did bring up several interesting points. One of my favorites is:
“When evaluating a tokenization system, it is important to consider all elements of the overall tokenization solution. These include the technologies and mechanisms used to capture cardholder data and how a transaction progresses through the merchant environment, including transmission to the processor/acquirer. The tokenization solution should also address potential attack vectors against each component and provide the ability to confirm with confidence that associated risks are addressed.”Read more
