Tokenization (data security)
== Application to PCI DSS standards ==
The [[Payment Card Industry Data Security Standard]], an industry-wide set of guidelines that must be met by any organization that stores, processes, or transmits cardholder data, mandates that credit card data must be protected when stored.<ref>[https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml The Payment Card Industry Data Security Standard]</ref> Tokenization, as applied to payment card data, is often implemented to meet this mandate, replacing credit card and ACH numbers in some systems with a random value or string of characters.<ref>{{Cite web|title = Tokenization: PCI Compliant Tokenization Payment Processing|url = https://www.bluefin.com/products/tokenization/|website = Bluefin Payment Systems|access-date = 2016-01-14|language = en-US}}</ref> Tokens can be formatted in a variety of ways.<ref>{{Cite web|title = PCI Vault: Tokenization Algorithms|url = https://docs.pcivault.io/guides/tokenization-algorithms|website = PCI Vault|access-date = 2024-06-23|language = en-US}}</ref> Some token service providers or tokenization products generate the surrogate values in such a way as to match the format of the original sensitive data. In the case of payment card data, a token might be the same length as a Primary Account Number ([[bank card number]]) and contain elements of the original data such as the last four digits of the card number. When a payment card authorization request is made to verify the legitimacy of a transaction, a token might be returned to the merchant instead of the card number, along with the authorization code for the transaction. The token is stored in the receiving system while the actual cardholder data is mapped to the token in a secure tokenization system.
Storage of tokens and payment card data must comply with current PCI standards, including the use of [https://www.pcisecuritystandards.org/security_standards/glossary.php#S strong cryptography].<ref>{{Cite web |url=http://www.hospitalityupgrade.com/_files/File_Articles/HUSum08_CounterPointOder_SecuredDataisNotStoredData.pdf |title=Data Security: Counterpoint – "The Best Way to Secure Data is Not to Store Data" |access-date=2009-06-17 |archive-url=https://web.archive.org/web/20090731031150/http://www.hospitalityupgrade.com/_files/File_Articles/HUSum08_CounterPointOder_SecuredDataisNotStoredData.pdf |archive-date=2009-07-31 |url-status=dead }}</ref>