Using tokenization to secure credit card data and meet PCI Compliance requirements

Posted on Friday, October 12, 2007 by Bryan Johnson

PCI Compliance requires that merchants properly protect credit card data. The difficulty with that requirement is that storing the data on-site often requires expensive hardware and software upgrades. Tokenization provides an alternative to expensive on-site storage: it allows merchants to store all sensitive customer data remotely in a PCI Compliant environment, without spending money on any upgrades. IT security expert Joel Dubin explains it well:

Tokenization is a technology that enables a token to replace a credit card number in an electronic transaction. This token or reference number is meant to prevent the theft of the credit card number during electronic transmission and storage of a transaction. Since the reference number can't be used for transactions or fraudulent charges, there is little harm done if it's stolen.
Tokenization [can make] systems compliant without costly changes by using a 16-digit randomly generated number resembling a card number. The only numbers from the original card are its last four digits, which become the first four of the token. Using only these four numbers, the token is still PCI compliant.

For credit card processing, merchants get a unique token associated with the information that was submitted to an off-site vault. This unique customer identifier can then be used to remotely initiate transactions and to change or delete the stored records. Using this technology, merchants can completely eliminate the need to store credit card information on-site. Tokens are not limited to credit card information, either: the same vault can hold all sensitive customer information, including bank account information, driver's license numbers, social security numbers, image documents, and just about anything else.

Other related posts:
  • PCI DSS Compliance basics for credit card security
  • PCI DSS Compliance and the cost of a credit card breach
  • Braintree solutions: The Smart Approach to PCI DSS Compliance
