Custom Search
|
|
Tokenization Pci Compliance
Tokenization is an attempt to mitigate the risks inherent in storing credit card data. In the same way that end-to-end encryption helps to protect data in transit, tokenization helps to protect data at rest. With data in transit is increasingly targeted by nefarious hackers (and making big headlines), it is easy to overlook the fact that data at rest can be equally prone to theft. As a process, tokenization replaces credit card data with a unique "token" that acts as a reference pointer to that credit card data. Using this logic, a credit card transaction sends this reference pointer token along the payment chain. At the processing end of the payment chain, the token is verified and the transaction processed, all without having exposed any sensitive cardholder data to the various networks along the payment chain. And because tokens are produced for accounts, rather than for specific transactions, stored tokens can be effectively used for scheduled automatic payments as well. Because the merchant uses a “token,” rather than real credit card data, and relies on the payment processor to assign that token (and to transmit and/or store card data), merchants relying on tokenization decrease their “scope” relative to PCI compliance, transferring the onus of the most critical aspects of PCI compliance to the payment processor. Tokenization eliminates the need for actual credit card data to be stored or transmitted by the merchant and, in many cases, allows for an easier PCI SAQ process. And with some payment solutions offering both tokenization and end to end encryption, the result is an integrated solution that protects data both in transit and at rest. Related Posts and Pages: End-to-End Encryrption Emerges a Winner from PCI SSC Meeting Credit Card Tokenization Article Directory: http://www.articledashboard.com Author Bio |
|