The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

The Coalfire Blog

New Guidelines Address PCI DSS Tokenization

August 19, 2011, Bruce DeYoung,

Bruce DeYoung

“Tokenization” is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and, after all, what is not there cannot get stolen. This technique can be used with sensitive data of all kinds including financial transactions and medical records.

For the past several months I have been participating in the PCI Tokenization Task Force with a goal to create a guidance document for both merchants and payment application providers, and the result — the PCI DSS Tokenization Guidelines –are now available.

There are a number of companies offering tokenization solutions in the market. The PCI DSS Tokenization Guidelines will be helpful to merchants who are considering implementing tokenization in researching their solution options. That being said, standards and guidance documents by their nature are sometimes difficult to understand. I would encourage everyone to read this document in the context of their own business and within an appropriate-scaled control program and, if necessary, to consult with a tokenization consultant.

Since the inception of the PCI SCC, Coalfire has been a credentialed QSA and PA-QSA firm. In fact, being one of the top firms in both categories, we spend a great deal of time interacting with the council to more clearly understand the standards and guidance which they issue.

At Coalfire, we have participated in the Tokenization-focused groups with PCI SSC and have evaluated a number of vendor tokenization solutions. We understand that this information can be complex and we are here to help customers understand the information security topics and make the right compliance and risk management decisions for their business.

If you have any questions on the new guidelines, I hope you will post them below.

<< Go Back

Blog post currently doesn't have any comments.

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS