Saturday, August 13, 2011

Tokenization Guidelines Released

Friday, the PCI Security Standards Council released it long-awaited tokenization guidelines. You can click here to get a copy.

I wrote about it on the 403 Labs blog , so I won't repeat myself. Also, Evan Schuman did a great job summarizing the implications on StorefrontBacktalk.

If you are contemplating tokenization at all, do yourself a favor and download and read carefully the Council's guidelines (along with the blog posts above). Especially see the very end of the guidelines where they talk about "high value tokens." In a lot of cases, your tokens might be these "high value" ones, and if so, they may be in scope for PCI...!

No comments:

Post a Comment