From the course: Safeguarding Customer Credit Card Data: PCI Compliance

Tokenization

- The first part of any PCI compliance exercise is to identify the systems and networks involved in processing, transmitting, or storing PANs. For example, a POS device can process and transmit a PAN. A server can process, transmit, or store a PAN. And a network device such as a router is part of the PAN transmission. If a system is involved in any part of the cycle, it is in scope for PCI and it must meet the requirements that are listed on that merchant's SAQ or ROC. The fewer the systems in scope, the less effort and cost involved in meeting PCI compliance. Tokenization in the workflow replaces the PANs from a certain point with tokens. A token is a number generated by an algorithm which can be safely stored by a merchant without any risk of loss. The token number is mapped to the PAN in the token vault store. Removing PANs from visibility on a merchant network reduces the size of the scope of systems involved in PCI…
