From Bobs Guide
“The Payment Card Industry Data Security Standard (PCI-DSS) was created to increase controls around cardholder data to reduce credit card fraud via its exposure.From nearly the beginning of its introduction, the standard has been criticised for the expense associated with annual certification and for security being less than advertised. The recent increase in public data breaches has underlined concerns around whether the investment required provides the level of security needed.
Many conversations around options for security have suggested use of tokenization, which substitutes sensitive cardholder information with tokens. Since the tokens contain no cardholder or card data, they present no value to criminals and improve consumers’ level of trust. In addition, issuers avoid the expense associated with notification, loss reimbursement, and legal action. Furthermore, by removing the need to store actual card details, this approach significantly reduces the costs and hours associated with the compliance requirements.
By eliminating the need to store sensitive information, a successful tokenization strategy would also enable merchants to shift many business processes and IT systems to the cloud realising significant advantages in IT efficiency, costs and flexibility provided in that environment.”
read more>>
