Tag Archives: tokenization

More PCI encryption, tokenization options emerge for compliance

Personally, I am looking forward to tokenization of cardholder data and the elimination of local PAN storage greatly simplifying DSS compliance.

The use of tokens to mask sensitive data is taking hold in the payment industry, with merchants now having the option to use third-party service providers or install their own tokenization server to protect credit card data.

The market for a combined tokenization and encryption package has been simmering, buoyed by merchants trying to find ways to simplify the payment process and meet PCI encryption requirements. The latest guidance from the PCI Security Standards Council suggests that the market for tokenization and point-to-point encryption for PCI compliance is still in its infancy.

More PCI encryption, tokenization options emerge for compliance.

PCI tokenization guidance could benefit payment processors

Options continue to open for methods of credit card processing and PCI compliance.

The Payment Card Industry Security Standards Council (PCI SSC) is expected to release guidance later this year on the use of tokens to replace credit card data, a move that could benefit some payment processors that sell technologies using encryption and tokenization to eliminate sensitive card information from merchant systems.

In a recent interview, Bob Russo, general manager of the PCI SSC, said he didn’t expect any major changes to PCI DSS, which is undergoing a revision this year. But guidance documents are being developed to help merchants decide whether investing in encryption or PCI tokenization technologies is a wise move.


Depending on the industry, merchants have the ability to store the data either encrypted or replaced with a token on their own servers, or send the data to the payment processors systems, where it is stored for later use. One industry expert said the PCI guidance will make it clear that merchants could be PCI certified if they have no ability to access the sensitive data.

via PCI tokenization guidance could benefit payment processors.