Are you PCI DSS compliant yet? What is stopping you?
January 26, 2013
The PCI tokenization solution showcase at NRF was a grand success. I never would have believed the traffic through our booth and the interest. First of all, the show was huge!!! I am not kidding. Last year the attendance was 25,500 (http://www.nrf.com/modules.php?name=News&op=viewlive&sp_id=1302) and I am pretty sure this year they surpassed that. (Last count puts it at 27,600.)
Intel had a big booth there, and prominently displayed was our PCI tokenization solution. The reason our solution gained so much visibility is, as one customer put it: you provide compliance and risk mitigation in one place.
The most effective PCI tokenization solution MUST:
- Create a security story, NOT just a compliance story (I will blog about this later). In other words, it should not only reduce PCI scope but also help you protect cardholder data
- Be a high-speed, high-performance tokenization solution capable of producing tens of thousands of tokens per second, if needed
- Use a hardware-based true random token generator
- Be capable of producing upwards of 2 B tokens to scale up
- Offer a proxy tokenization method, with no need to touch any of your existing systems
- “Automagically” detect PANs, and also allow you to preserve certain digits for routing or identification purposes on an as-needed basis
- Allow you to use tokens as a surrogate for the original credit cards every time – “multi-use” tokens
- Allow you to either BYOD (Bring Your Own Database) or use an extra-hardened, highly secure database provided for you
- Handle data in any format and on any incoming channel
- Be secure enough to do the tokenization in the DMZ if needed
- Work anywhere within the enterprise or extended enterprise, including partner locations or virtual environments such as the cloud
Check out Intel’s Tokenization Buyers’ guide on how to do this the effective way.
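
The PAN detection, digit preservation and multi-use behaviour from the list above, shown as an added example (this is not Intel's product code). It assumes Luhn-checked detection, first-6/last-4 preservation, an in-memory dictionary in place of the token database, and Python's `secrets` CSPRNG in place of a hardware random generator; all names are hypothetical.

```python
import re
import secrets

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Constructed input: 4111... is the standard Visa test number, the order id is made up.
SAMPLE = "order 1234567890123 paid with 4111 1111 1111 1111"

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for the token database (assumption: a real vault is a hardened store)."""
    def __init__(self, keep_first=6, keep_last=4):  # which digits to keep is an assumption
        self.keep_first, self.keep_last = keep_first, keep_last
        self._by_pan, self._by_token = {}, {}

    def tokenize(self, pan: str) -> str:
        if pan in self._by_pan:  # multi-use: the same PAN always maps to the same token
            return self._by_pan[pan]
        middle_len = len(pan) - self.keep_first - self.keep_last
        while True:
            middle = "".join(secrets.choice("0123456789") for _ in range(middle_len))
            token = pan[:self.keep_first] + middle + pan[len(pan) - self.keep_last:]
            # Design choice of this example: tokens must fail Luhn, so a token is
            # never mistaken for a card number or tokenized a second time.
            if token not in self._by_token and not luhn_ok(token):
                break
        self._by_pan[pan], self._by_token[token] = token, pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]

def tokenize_message(text: str, vault: TokenVault) -> str:
    """Proxy-style pass: replace every Luhn-valid PAN in free text with its token."""
    def swap(match):
        digits = re.sub(r"[ -]", "", match.group())
        return vault.tokenize(digits) if luhn_ok(digits) else match.group()
    return PAN_RE.sub(swap, text)

if __name__ == "__main__":
    print(tokenize_message(SAMPLE, TokenVault()))
```

Requiring tokens to fail the Luhn check means any downstream system that Luhn-validates card fields will reject them, so that choice has to match how the tokens are consumed.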