Blog

Encryption method receives PCI compliance standards

August 30, 2011

The Payment Card Industry Security Standards Council recently released merchant guidelines for tokenization, a data encryption method used to safeguard against account breaches ISO & Agent Weekly reports.

The Payment Card Industry Security Standards Council recently released merchant guidelines for tokenization, a data encryption method used to safeguard against account breaches, ISO & Agent Weekly reports.

Tokenization involves the random generation of proxy numbers that replace actual credit card numbers at the point of sale, and acts as an additional layer of protection in addition to encryption. However, this process, while an effective safeguard method, lacked standards for use.

The PCI Council released these guidelines as a means to educate merchants on tokenization options based on their business strategies.

“Many different companies are selling a tokenization [service], and all have merit and are needed,” Bob Russo, council general manager, told the news source. “But the merchant needs help in knowing which way to do tokenization may be best for them.”

CSNews adds that the council’s supplement discusses best practices for selecting a tokenization solution and defines areas where specific controls need to be applied.

The news source adds that this method may eventually remove the need for a merchant to hold onto customers’ primary account numbers after an initial transaction.  

Back To Blog