If you follow secure payment news, you’ve probably noticed that tokenization is a hot topic these days. In recent years, it’s been increasingly deployed by small and mid-sized businesses to bolster the security of credit card and e-commerce transactions. In response to the technology’s growing popularity, the PCI Council has published a 23-page PCI DSS Tokenization Guidelines Information Supplement to provide greater clarity on how specific technologies relate to the PCI Security Standards and impact compliance. 

Although there are no industry standards yet regarding implementation, the industry group’s guidelines offer advice to merchants on evaluating and utilizing tokenization. According to the council, a properly deployed tokenization solution can reduce or remove the need for a merchant to retain sensitive customer information once the initial transaction has been processed. But they also warned that tokenization will not eliminate a merchant’s need to comply with PCI DSS.

Overall, the release of the supplement will help merchants make better decisions in evaluating their card payment processes and options. But given the influence tokenization is having on emerging practices, it’s important for the industry to have strong insight into where PCI is going.

According to a recent survey, a whopping 67 percent of PCI-regulated companies are still not in full compliance with the standard. As worldwide security threats grow and compliance standards evolve, the SPVA and other industry groups will have to work hard to stay one step ahead. Our member-driven Technical Working Groups are constantly evaluating the latest information to keep stakeholders informed and one step ahead of what they are reading in the news.

Interested in learning how SPVA can help you? Contact me at 404.803.0636, steven.hughes@spva.org or visit www.SPVA.org.