Options continue to open for methods of credit card processing and PCI compliance.
The Payment Card Industry Security Standards Council (PCI SSC) is expected to release guidance later this year on the use of tokens to replace credit card data, a move that could benefit some payment processors that sell technologies using encryption and tokenization to eliminate sensitive card information from merchant systems.
In a recent interview, Bob Russo, general manager of the PCI SSC, said he didn’t expect any major changes to PCI DSS, which is undergoing a revision this year. But guidance documents are being developed to help merchants decide whether investing in encryption or PCI tokenization technologies is a wise move.
Depending on the industry, merchants have the ability to store the data either encrypted or replaced with a token on their own servers, or send the data to the payment processors systems, where it is stored for later use. One industry expert said the PCI guidance will make it clear that merchants could be PCI certified if they have no ability to access the sensitive data.