White Paper: Where the PCI Council Got It Wrong on Tokenization

Dec. 19, 2011

Prime Factors, a Eugene, Ore.-based data security company, recently responded to the August publication of the PCI DSS Tokenization Guide with a white paper of its own that attempted to address what it calls the shortcomings of the PCI document. Tokenization Guidance: How to Reduce PCI Compliance Costs, licensed by Prime Factors and completed by research firm Securosis, said the PCI Tokenization Guidance doesn’t answer the central question it purports to examine: How does tokenization alter PCI compliance? “They released ‘guidelines’ which are lacking in guidance,” the authors said. Prime Factors said the paper helps the merchants determine what is in or out of scope and provides audit advice and a tokenization audit checklist for how PCI requirements apply to systems that use tokenization. “Given that tokenization offers better security, simplifies data storage security, and makes audits easier, it’s baffling that the [PCI] Council failed to offer clear advice that would encourage adoption,” the paper concluded. “Discovering what’s missing from the official guidelines—usually only discovered after purchasing a product and coming to grips with how it really works—is no recipe for success. To request a copy of the white paper click here.


  • EC Seeking Feedback on Cross-Border VAT Rules - Oct. 1, 2015
    EC Seeking Feedback on Cross-Border VAT Rules

    The European Commission (EC) is inviting businesses, industry groups and members of the public from around the world who engage in European cross-border e-commerce to help identify ways to simplify the Value-Added Tax (VAT) on those kinds of transactions.

  • Apple App Store Experiences First Large-Scale Hack - Sept. 21, 2015
    Apple App Store Experiences First 

Large-Scale Hack

    On Sunday, Apple acknowledged reports that had been leaking out during the second half of last week that said the App Store had been hacked on a large scale for the first time, with perhaps hundreds of apps infected with malicious code having been approved by Apple's stringent app review process.

  • Report: Worldpay Goes IPO - Sept. 21, 2015
    Report: Worldpay Goes IPO

    U.K.-based e-commerce acquirer and processor Worldpay, which has been courted by several high-profile companies as a possible acquisition target worth up to $9 billion, seems to have resolved to go the IPO route, according to a regulatory filing made public on Friday.

  • PayPal Bets on Gambling - Sept. 17, 2015
    PayPal Bets on Gambling

    According to an iGaming Business report, PayPal has reevaluated its position on processing payments for online gambling sites and has integrated with several gambling Websites.




Sign Up Today Free

Receive the twice weekly CNP Report and monthly feature articles providing in-depth examinations of global CNP issues.

Please take a moment and register.
* First Name:

* Last Name:

* Password:

* Confirm Pwd:

* Email:

* Category:





CNP Archive

Researching companies or people in the CNP industry? Search our past coverage for targeted news and information.

Search here