By eliminating the storage of cardholder data, merchants realize a multitude of financial, operational and security advantages. A tokenization solution requires minimal up-front capital expenditure, if any. And it saves on the back end, too, by preventing costly breaches. If thieves know you don't have any valuable data they have no reason to break into your systems. And in the event that the worse happens and someone figures out how to hack a token -- the breach would be extremely limited; there would only be access one card number.
According to Gartner, a company with 100,000 customer accounts spends $6 per account to roll out encryption appliances. A separate encryption solution is required for each place where credit card data is stored. In a large enterprise there can easily be 10 or 20 systems. That could add up fast.
Transferring card holder data off premises eliminates those capital expenditures. The less data on site, the less it costs to keep it secure. This will also reduce the complexity of a company's PCI audit. Because the merchant no longer stores cardholder data, it will be removed from the scope of PCI Requirement 3, reducing the number of questions needed to answer on the audit.
All in all, tokenization greatly reduces risk of breach, operational expenses and bad PR -- all of which ultimately saves money.
To choose a tokenization vendor, make sure it has expertise and execution experience. Vendors must be thoroughly vetted because they will become mission-critical business partners. There is no doubt there is a solution for every company. But you must pick the right partner that can fulfill all the company's requirements while understanding its level of size and complexity.
Tokenization is the answer to security, cost savings and general peace of mind. . . just be sure to ask the right questions.
Wine is CEO of Paymetric, a provider of integrated and secure electronic payment acceptance solutions that enable companies to streamline the order-to-cash process, reduce the scope and financial burden of achieving PCI compliance and improve return on electronic payment acceptance. Visit www.paymetric.com for additional information.
Read more about wide area network in Network World's Wide Area Network section.