Embracing Tokenization: Payment Without Pain
Today, it’s expected that merchants accept electronic payments. It’s more than expected that those payments are secure. No data leaks or breaches of any kind. The reality is many companies don’t truly understand the security vulnerabilities that electronic payments present… nor the solutions on the market. They may think they are secure, but in fact are at great risk.
The Payment Card Industry Security Standards Council (PCI SSC) has tightened compliance requirements, initially with their Data Security Standards (PCI DSS). Ever tightening, the compliance rules will become more stringent again in 2010. As a response, the industry has been flooded with solutions claiming to provide heightened security for a merchant's data. Undoubtedly, and often blindly, merchants invest in these offerings. In most cases out of fear, uncertainty and doubt. What companies don’t get is that most of these solutions are not bullet-proof.
Since companies think they are compliant and are indeed not they are at risk for a breach or an audit resulting in hefty fines that could bring them to their knees. Unfortunately, most find out the hard way.
What can help? In my view, tokenization is the answer. A solid tokenization solution can take companies into a safe harbor and remove all navigational stress from its shoulders.
According to the recent Gartner Group report, “Using Tokenization to Reduce PCI compliance Requirements,” “enterprises that have successfully implemented tokenization … have reduced the scope of …costly PCI compliance audits while keeping sensitive cardholder data more contained and secure.”
So what is tokenization, really? The bottom line is that tokenization is a technology that leapfrogs the better-known, traditional encryption. Sensitive data is removed from enterprise systems and, as an added bonus, the technology is complimentary to legacy enterprise systems.
Drilling down, tokenization affords companies the opportunity to eliminate the storage of sensitive information. It works by intercepting cardholder data entered into an enterprise payment acceptance system like a Web store, CRM, ERP or POS, and replacing it with a surrogate number known as a “token”, a unique ID created to replace the actual data associated with a specific card number. Put more simply, tokenization is different from any other security solution dealing with PCI issues because it’s “waterproof” vs. “water resistant” (encryption).
Tokenization offers the following two key benefits:
1. Software as a Service (SaaS) model ensures no customer card data resides within company systems
2. cost effectiveness and savings
1. Benefits of SaaS: Get it Out of My House
With a tokenization solution outsourced via a SaaS model and a reputable vendor, cardholder data never resides in the merchant’s environment.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data protection
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
