The Payment Card Industry Data Security Standard (PCI-DSS) requires that every system that transmits or stores credit card data is subject to review and must meet
certain standards else substantial penalties will apply.
Tokenization is the process of replacing sensitive information, such as credit card numbers, with tokens that are not subject to PCI-DSS. The tokens are “random” values that resemble the sensitive data they replace, but they lack intrinsic value and are therefore useless to hackers.
Removing credit card data from all or part of your environment sounds like a good security measure, and it is. The fact that tokenization can be far cheaper in many cases than alternatives such as encryption, makes this solution an attractive one. Here we will examine tokenization and its standing amongst other compliance strategies.
- What is PCI-DSS Compliance?
- Solutions that are available
- What is a Token Service?
- How it Works
- What Does a Token Look Like
- How Tokenization Reduces the Cost for PCI-DSS Compliance