White Paper: Where the PCI Council Got It Wrong on Tokenization
Dec. 19, 2011
Prime Factors, a Eugene, Ore.-based data security company,
recently responded to the August publication of the PCI
DSS Tokenization Guide with a white paper of its own that attempted to
address what it calls the shortcomings of the PCI document. Tokenization Guidance: How to Reduce PCI
Compliance Costs, licensed by Prime Factors and completed by research firm
Securosis, said the PCI Tokenization Guidance doesn’t answer the central
question it purports to examine: How does tokenization alter PCI compliance?
“They released ‘guidelines’ which are lacking in guidance,” the authors said.
Prime Factors said the paper helps merchants determine what is in or out of
scope and provides audit advice and a tokenization audit checklist for how PCI
requirements apply to systems that use tokenization. “Given that tokenization
offers better security, simplifies data storage security, and makes audits
easier, it’s baffling that the [PCI] Council failed to offer clear advice that would
encourage adoption,” the paper concluded. “Discovering what’s missing from the
official guidelines—usually only discovered after purchasing a product and coming
to grips with how it really works—is no recipe for success.” To request a copy
of the white paper, click here.