Tokenization (data security)
== Application to PCI DSS standards ==

The [[Payment Card Industry Data Security Standard]], an industry-wide set of guidelines that must be met by any organization that stores, processes, or transmits cardholder data, mandates that credit card data must be protected when stored.<ref>[https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml The Payment Card Industry Data Security Standard]</ref> Tokenization, as applied to payment card data, is often implemented to meet this mandate, replacing credit card and ACH numbers in some systems with a random value or string of characters.<ref>{{Cite web|title = Tokenization: PCI Compliant Tokenization Payment Processing|url = https://www.bluefin.com/products/tokenization/|website = Bluefin Payment Systems|access-date = 2016-01-14|language = en-US}}</ref>

Tokens can be formatted in a variety of ways.<ref>{{Cite web|title = PCI Vault: Tokenization Algorithms|url = https://docs.pcivault.io/guides/tokenization-algorithms|website = PCI Vault|access-date = 2024-06-23|language = en-US}}</ref> Some token service providers or tokenization products generate the surrogate values in such a way as to match the format of the original sensitive data. In the case of payment card data, a token might be the same length as a Primary Account Number ([[bank card number]]) and contain elements of the original data such as the last four digits of the card number. When a payment card authorization request is made to verify the legitimacy of a transaction, a token might be returned to the merchant instead of the card number, along with the authorization code for the transaction. The token is stored in the receiving system while the actual cardholder data is mapped to the token in a secure tokenization system.

Storage of tokens and payment card data must comply with current PCI standards, including the use of [https://www.pcisecuritystandards.org/security_standards/glossary.php#S strong cryptography].<ref>{{Cite web |url=http://www.hospitalityupgrade.com/_files/File_Articles/HUSum08_CounterPointOder_SecuredDataisNotStoredData.pdf |title=Data Security: Counterpoint – "The Best Way to Secure Data is Not to Store Data" |access-date=2009-06-17 |archive-url=https://web.archive.org/web/20090731031150/http://www.hospitalityupgrade.com/_files/File_Articles/HUSum08_CounterPointOder_SecuredDataisNotStoredData.pdf |archive-date=2009-07-31 |url-status=dead }}</ref>