PCI SSC Issues Guidance to Meet Demand for Tokenization Products (April 7, 2015)
The PCI Security Standards Council (PCI SSC) has developed “Tokenization Product Security Guidelines” because of the rising demand for tokenization products. The council last week issued guidance for solution providers and vendors to develop tokenization products that assist acquirers and merchants in reducing storage of payment card data, better protecting cardholder data and mitigating fraud.
Payment tokenization is the process of temporarily replacing a traditional card account number with a unique payment token that’s restricted in how it can be used with a specific device, merchant, transaction type or channel. When using payment tokenization, merchants and digital wallet operators do not need to store card account numbers; instead they’re able to store payment tokens that can be used only for their designated purpose.
“Minimizing the storage of card data is a critical next step in improving the security of payments, and tokenization does just that,” said Stephen Orfei, PCI SSC general manager. The council comprises organizations that span the payments value chain and sets standards seeking to ensure that personal and financial information shared during financial transactions remains safe.
Orfei added that helping merchants use tokenization, point-to-point encryption (P2PE) and EMV chip technologies as part of a layered security approach in payment channels has been a big focus. “We will continue to collaborate with acquirers and those across the industry to reduce risk and simplify payment security efforts for merchants.”
See related stories: