Tokenization alone does not validate merchant compliance, says PCI Council
15 August, 2011
category: Financial
On Friday the PCI Security Standards Council released guidance on tokenization, saying that implementation of a token program does not automatically grant merchant compliance with the Payment Card Industry Data Security Standard (PCI DSS).
SCMagazineUS.com reports that although a tokenization solution is not a sure-fire way for merchants to be compliant with the standards, it does make it easier to meet the requirements of the PCI DSS because the solution allows merchants to remove systems that contain customers’ personal credit card data.
Tokenization programs work by replacing the 16-digit primary account number on the front of a debit or credit card with a token value. This reduces a hacker’s ability to steal credit card information from a database.
With at least a dozen tokenization products on the market, merchants can have trouble choosing the program that will best help them reach compliance. The PCI Security Standards Council provides guidelines to aid in tokenization product selection.