Tokenization Guidance: How to Reduce PCI Compliance Costs

What's Next In Payments®
9:43 AM EDT January 5th, 2012

Thought the PCI Council’s guidelines lacked, well, guidance? Prime Factors released an actual roadmap providing PCI supplement highlights, merchant guidance, audit advice, and a tokenization audit checklist.

Click here download a free copy of Prime Factors’ white paper: Tokenization Guidance: How to Reduce PCI Compliance Costs.

On August 12, 2011, the PCI task force studying tokenization published an “Information Supplement” called the PCI DSS Tokenization Guidelines. Commonly known as the ‘Tokenization Guidance’ document, it discussed dos and don’ts of using token surrogates for credit card data. Tokenizing payment data holds the promise of improving security while reducing auditing costs, generating great demand amongst the merchant community. The introductory section of the supplement identifies the key principles to follow when selecting a token solution — ideas that can be distilled into the single question on the mind of every merchant, payment processor and auditor: How does tokenization alter PCI compliance?

The problem is that the document does not actually answer this central question, nor does it adequately address any of the key points raised in the introduction. For a set of guidelines, the supplement is sorely lacking in actual guidance. Even the section on “Maximizing PCI DSS Scope Reduction” is a collection of broad generalizations on security, rather than practical advice or definitive statements on scope. After spending the better part of the last two months with this wishywashy paper, I have come up with a better title: “Grudging Acknowledgement of Tokenization Without Guidance”.

So this paper will address merchant concerns left dangling by the PCI Council.

Click here to download a free copy of Prime Factors’ white paper: Tokenization Guidance: How to Reduce PCI Compliance Costs.

Comments
Also by This Author
What's Hot
International
CFPB Rule Change Will Keep Remittance Transfers Functional Worldwide Past July 2014
Alternative Financial Services
Mt. Gox Gives Up On Rebuilding, Files For Liquidation
Mobile
RetailMeNot Acquires Pickie for Personalized Shopping App
International
Russia Plans to Fine International Payment Systems for Freezing Accounts
View All Articles ››
You May Also Like
Company Spotlight
Different mPOS Strokes for Different mPOS Folks
International
Digital River Offers A Sneak Peak At Mobile eCommerce Trends
Mobile Commerce
Trustwave Buys Cenzic To Beef Up App Testing Capability
Commentary
LevelUp’s March to Free Payments
B2B Payments
Ariba: “B2B Payments Is Just Broken”
Cool
The Rise and Fall of Blackberry: Journey Through Photos
International
CFPB Rule Change Will Keep Remittance Transfers Functional Worldwide Past July 2014
View All Articles ››