With retailers struggling to comply with the Payment Card Industry Data Security Standard, qualified security assessors are going to be in greater demand and can offer tokenization as one way of achieving compliance.
That’s according to TokenEx, which recently hosted a webinar to help retailers better understand tokenization. In a press release, TokenEx pointed to a new analysis by SecurityScorecard that shows the alarming rate at which retailers aren’t prepared. Based on an analysis of 1,444 domains from October 2017 to March 2018, it found that about 91 percent of retailers did not comply with the Payment Card Industry Data Security Standard, which puts them at risk from a data protection point of view.
According to TokenEx, the high percentage of retailers that aren’t complying with the Payment Card Industry Data Security Standard is likely the result of companies’ inability to keep up with changing regulations and with cybercriminals who are constantly getting more sophisticated. That provides an opportunity for qualified security assessors, or QSAs, to help companies identify vulnerabilities and gaps in compliance and, at the same time, recommend solutions and areas where retailers can improve.
According to the company, achieving and maintaining PCI DSS compliance can be a difficult and labor-intensive process that differs from one industry to the next and from one business type to the next. The company noted that tokenization is a solution especially known for its effectiveness in reducing scope, but it operates differently from traditional compliance options such as segmentation and encryption. To help retailers better understand tokenization, TokenEx’s CEO Alex Pezold, a former qualified security assessor, along with TokenEx head of global privacy and compliance solutions John Noltensmeyer, recently hosted a webinar to discuss how qualified security assessors should approach assessing a tokenization environment. The two executives covered a range of topics including network and payment tokens, the tokenization landscape, and maximizing scope reduction, among other timely subjects.