The Coalfire Blog
New Guidelines Address PCI DSS Tokenization
August 19, 2011, Bruce DeYoung,
“Tokenization” is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and, after all, what is not there cannot get stolen. This technique can be used with sensitive data of all kinds including financial transactions and medical records.
<< Go Back
For the past several months I have been participating in the PCI Tokenization Task Force with a goal to create a guidance document for both merchants and payment application providers, and the result — the PCI DSS Tokenization Guidelines –are now available.
There are a number of companies offering tokenization solutions in the market. The PCI DSS Tokenization Guidelines will be helpful to merchants who are considering implementing tokenization in researching their solution options. That being said, standards and guidance documents by their nature are sometimes difficult to understand. I would encourage everyone to read this document in the context of their own business and within an appropriate-scaled control program and, if necessary, to consult with a tokenization consultant.
Since the inception of the PCI SCC, Coalfire has been a credentialed QSA and PA-QSA firm. In fact, being one of the top firms in both categories, we spend a great deal of time interacting with the council to more clearly understand the standards and guidance which they issue.
At Coalfire, we have participated in the Tokenization-focused groups with PCI SSC and have evaluated a number of vendor tokenization solutions. We understand that this information can be complex and we are here to help customers understand the information security topics and make the right compliance and risk management decisions for their business.
If you have any questions on the new guidelines, I hope you will post them below.
Blog post currently doesn't have any comments.