Card Not Present.com White Paper: Where the PCI Council Got It Wrong on Tokenization

White Paper: Where the PCI Council Got It Wrong on Tokenization

Dec. 19, 2011

Prime Factors, a Eugene, Ore.-based data security company, recently responded to the August publication of the PCI DSS Tokenization Guide with a white paper of its own that attempted to address what it calls the shortcomings of the PCI document. Tokenization Guidance: How to Reduce PCI Compliance Costs, licensed by Prime Factors and completed by research firm Securosis, said the PCI Tokenization Guidance doesn’t answer the central question it purports to examine: How does tokenization alter PCI compliance? “They released ‘guidelines’ which are lacking in guidance,” the authors said. Prime Factors said the paper helps the merchants determine what is in or out of scope and provides audit advice and a tokenization audit checklist for how PCI requirements apply to systems that use tokenization. “Given that tokenization offers better security, simplifies data storage security, and makes audits easier, it’s baffling that the [PCI] Council failed to offer clear advice that would encourage adoption,” the paper concluded. “Discovering what’s missing from the official guidelines—usually only discovered after purchasing a product and coming to grips with how it really works—is no recipe for success. To request a copy of the white paper click here.

Average 4 out of 5

	Your Rating:
	Your Review:

CNP Expo: Hone Your Basic Fraud-Fighting Skills - May 23, 2013
Although more sophisticated techniques are constantly being developed, time-tested techniques to fight fraud can be a less costly, yet still effective, alternative.

CNP Expo: Authorization Recycling Boosts Profit for Subscription Billers - May 23, 2013
Making an extra attempt to authorize a card payment can result in extra profit, a panel of experts told a conference audience comprised mostly of merchants.

CNP Expo: CNP Efforts Vital to Omnichannel Strategy - May 23, 2013
Until recently, shopping and paying have been two separate activities for these merchants, but the advent of online shopping, mobile self-pay apps, and mobile POS platforms has changed that.

Advertise with us:

CNP Expo: In-App Payments All About Customer Experience - May 22, 2013
In-app payments can be an amazing experience for the customer, but they are not without their challenges.

CNP Expo: Where to Expand After BRIC - May 22, 2013
The list is long but some obvious plays are Mexico, South Korea, The U.K., Canada, Australia, Belgium and Poland.

CNP Expo: 3D Secure Making a Comeback? - May 22, 2013
Merchants avoided it due to the cost and customer friction, but with fears of new kinds of vulnerabilities, merchants and providers are taking another look.

2013 CNP Award Winners Revealed - May 22, 2013
Seventeen card-not-present service providers took home 18 awards in nine different categories in the 2013 CNP Awards.

CNP Expo: Social Media’s Growing Role in Fraud Prevention - May
Customers themselves now (unwittingly) provide the information that helps determine the credibility of a transaction through their digital footprints.

CNP Expo: Payments Has Its Head in the Clouds - May 22, 2013
Panelists said the cloud is a conduit that will enable more—and more innovative—options that will revolutionize payments.

CNP Expo: Optimizing Online Donations - May 22, 2013
Online giving is growing, but what are the challenges in soliciting online donations?

CNP Expo: Choosing a Processor - May 22, 2013
Panelists at a Wednesday afternoon session of the 2013 CNP Expo agreed that merchants should evaluate their payment methods and service providers often, especially as they grow.

CNP Expo: Danger of ‘Over-Reactive’ Legislation in Payments - May 22, 2013
The intersection of government policy and innovation could result in regulations being made by lawmakers who do not fully understand the emerging mobile payment industry.

TNS Leverages Mobile and Unlisted Phone Data in New Verification Solution - May 22, 2013
TNS has partnered with leading mobile and telecommunications providers giving them access to unique personal data that both brick-and-mortar and online businesses can use to more effectively verify their customers.

ConvergenceHealth Taps ControlScan for PCI-Compliant Hosted Payment Solution - May 22, 2013
At the CNP Expo yesterday, Atlanta-based PCI-compliance solution provider ControlScan said it has implemented its hosted payment solution with ConvergenceHealth, an enterprise software maker that provides health and wellness programs for other businesses.

CNP Expo: How to Be BFFs With Your Customers - May 22, 2013
It’s easy to get overwhelmed by the sheer volume of social media platforms and networks out there. Where to start? According to our panel, the answer is: it depends.

CNP Expo: Don’t Get Burned by Friendly Fraud - May 22, 2013
A Wednesday morning panel said the first step in managing chargebacks is understanding their root cause and recognizing the difference between friendly fraud and criminal fraud.

CNP Expo: Tackling PCI Compliance - May 22, 2013
Businesses leveraging the cloud for payments will have options when setting up security but panelists warned companies to be careful choosing partners.

CNP Expo: Online Marketing and Payments Come Together - May 22, 2013
A Wednesday morning session at the 2013 CNP Expo focused on the role of a merchant’s Website in their online marketing strategy.

CNP Expo: Study Finds Mobile is Now…For Some - May 22, 2013
Overall, respondents believe mobile revenue will grow substantially, but projections about how much and how they are addressing fraud in the channel vary substantially.

CNP Expo: Interchange Skirmishes to Continue - May 22, 2013
A late afternoon session on Day 1 of the CNP Expo looked at how the Durbin Amendment has affected different constituencies and what the outlook is for further wrangling over interchange.

CNP Expo: Mobile Payments Solutions MUST Include Loyalty and Rewards - May 22, 2013
Panelists at the CNP Expo agreed: Value-added programs are absolutely necessary for establishing mobile payment options.

Attendees Crawl the Hall with Zane Lamprey at the CNP Expo - May 22, 2013
The host of comedy drinking shows Three Sheets and Drinking Made Easy was the emcee of the CNP Expo’s Exhibit Hall Crawl.

CNP Expo: Consumers Get More Comfortable with Debit Online - May 21, 2013
Panelists said because consumers are used to giving their PIN when asked—at the ATM or POS—most feel secure using it when asked online.

CNP Expo: PSPs on the Rise - May 21, 2013
Some 150 PSPs are now in operation, including disruptive players like Square that are capturing a target market of young business people who have been overlooked by traditional financial institutions.

CNP Expo: Recurring Billers Face Challenges - May 21, 2013
Merchants that want to leverage a subscription model face challenges that were explored Tuesday in a panel discussion at the CNP Expo.

CNP Expo: Call Center Upgrades Can Significantly Reduce Agent Fraud - May 21, 2013
As online transactions become more common, call-center security must become more sophisticated to foil more sophisticated thieves.

CNP Expo: Predicting a Mobile Technology Winner - May 21, 2013
As smartphones become more widespread, the number of mobile wallet apps is becoming more prolific as well. But which version of mobile wallet technology will move forward?

CNP Expo: Want to Sell in Brazil? ‘Fasten Your Seatbelt’ - May 21, 2013
Although Brazil has many restrictions both in terms of shipping merchandise in and getting payments out, it is the fifth-largest e-commerce economy in the world—and it’s still growing.

CNP Expo: Payments Strategy Requires Prioritization, Adaptability - May 21, 2013
For retailers that operate in the card-not-present space, articulating a coherent strategy governing how payments fit into the company’s overall strategy is becoming increasingly important.

CNP Expo: Unique Fraud Challenges for Digital Goods Retailers - May 21, 2013
For digital merchants, turning away legitimate business through fraud prevention measures is riskier to the life of their business than allowing a few fraudulent transactions, but fraud prevention remains a priority, since customer account takeovers and a high volume of fraud can close down a merchant site.

CNP Expo: Direct-Carrier Billing in the Crosshairs - May 21, 2013
Though the cost to merchants can be upwards of twenty percent of the transaction, panelists said the higher conversion rate and increased ROI on merchants’ marketing initiatives makes direct-carrier billing worth the cost.

CNP Expo: Taking Fraud Prevention to the Next Level - May 21, 2013
A by-product of the race to get into mobile, is that time may not be taken to think about some of the dangers that can contribute to fraud.

‘UnThink’ at the CNP Expo - May 21, 2013
Artist Erik Wahl opened this year’s event with a keynote address that explored how creativity has become the “new corporate capital.”

CNP Expo Kicks Off with Full House at Boot Camp - May 20, 2013
The Boot Camp, sponsored and programmed by e-commerce payments pioneer Litle & Co., was a new addition to the CNP Expo this year and it drew significantly more attendees than expected.

BlueSnap Launches E-Commerce Payment Solution at CNP Expo - May 20, 2013
The Waltham, Mass.-based e-commerce payments provider today launched SnapConsole, which it calls a management console that lets merchants start selling online quickly.

Payvia Acquires Mogreet to Add Mobile Messaging to Payments - May 20, 2013
Los Angeles-based direct carrier billing technology provider payvia today revealed it has acquired mobile marketing company Mogreet.

Square: Scare Much Ado about Nothing - May 16, 2013
A mini furor erupted this week when a user notification from Square created a stir among merchants who fear it signals a change in policy that will result in payment holds.

OneID Launches Two-Factor Authentication for Online Banking - May 16, 2013
OneID Confirm is based on the original OneID Suite, which authenticates consumers without personal information like usernames and passwords.

PayPlum Adds Antifraud Service to Hosted Payment Solution - May 16, 2013
Combining the new service with its Enterprise PCI compliance software results in what the company thinks is a unique security proposition for a hosted payment solution.

U.K. Consumers Want Cash Options Online - May 16, 2013
More than half of 18-24 year olds who completed the survey indicated they want to use cash online, according to results of a new survey.

Eight Indicted in N.Y. for $45 Million Cyber Theft - May 13, 2013
Federal prosecutors arrested seven of the eight defendants and confirmed that the eighth had been murdered on April 27.

Alibaba Nabs Stake in Digital Mapping Firm - May 13, 2013
Chinese e-commerce giant Alibaba Group has invested nearly $300 million in AutoNavi Holdings Ltd., good for a 28 percent stake in the digital mapping company.

Google Wallet’s Bedier Bids Goodbye - May 13, 2013
Google confirmed that Osama Bedier, the head of Google Wallet who was brought in from PayPal to lead the mobile payment initiative, has left the company.

MCX Adds Southwest and Chili’s to Mobile Initiative - May 13, 2013
Southwest Airlines, Brinker International, Pacific Convenience & Fuels and RaceTrac join nearly 30 others in the merchant-led mobile payments initiative.

Richmond Fed Looks at Durbin’s Unintended Consequences - May 9, 2013
The billions in revenue forfeited by issuers since debit interchange was capped under the 2011 law is only the most visible result of Durbin and the expected windfall for merchants has not materialized for everyone.

Two-Thirds of Businesses Currently Leveraging Mobile - May 9, 2013
Email and social media marketing are the top ways businesses use mobile technology, but the study also found 34 percent have a mobile-optimized Website and 18 percent run a mobile POS system using tablets.

Alaric Bolsters Authentication with Virtual PIN Solution - May 9, 2013
Alaric, a London-based antifraud and ID authentication provider, this week unveiled a solution that gives consumers the control to authorize card payments online and on tablets and smartphones.

Payelp, Cinify Monetize Video Content Globally - May 9, 2013
Payelp will allow Cinify to expand the number of payment methods consumers around the world can use to access their clients’ video content.

Dwolla Nets $16.5 Million in Funding from Andreessen Firm - May 6, 2013
The cash infusion will be used to staff up a new San Francisco office, support business development and add to its line of consumer-facing products.

CyberSource Launches Authorize.Net in U.K. - May 6, 2013
The European solution includes the same features available to Authorize.Net merchants in the U.S., the company said, like enabling recurring billing, and providing advanced fraud protection and secure data storage.

BlueSnap Adds Payment Types to Recurring Billing Solution - May 6, 2013
The recently released Automated Subscription Reminder product enabling recurring payments via local payment types was expanded to include additional methods.

Judge: Anti-Settlement Groups Dragging Feet on Changing Website - May 6, 2013
U.S. District Judge John Gleeson said at least one anti-settlement Website has continued to “obfuscate” key points of the settlement proposal.

Report from ETA: Innovators Rewarded, Industry Economics on Upswing - May 3, 2013
Payments innovators were highlighted this week in New Orleans at the 2013 Electronic Transaction Association (ETA) Annual Meeting& Expo.

ControlScan Integrates PCI Compliance into New E-Commerce Solution - May 3, 2013
ControlScan this week unveiled a comprehensive e-commerce solution aimed at small and midsize merchants that combines Web hosting, a shopping cart and a PCI-compliant hosted payment page.

NorseCorp, Quatrro Partner on Fraud-Fighting E-Commerce Gateway - May 3, 2013
The companies have collaborated on eCommerce Shield, a payment gateway integrated with fraud protection they said will give small and midsize businesses access to the same security enjoyed by larger merchants.

50 Million LivingSocial Users’ Passwords Exposed in Security Breach - April 29, 2013
The intrusion reportedly did not compromise payment information, but it did include names, email addresses, dates of birth and encrypted passwords.

Merchant Warehouse, LevelUp Establish Million-Dollar Development Fund for Merchants - April 29, 2013
Two Boston-based companies have teamed up to make mobile payment apps less costly for merchants.

Study: Retailer Incentives Could Promote Mobile Payments - April 29, 2013
Current users and non-users alike report they would be more likely to use their mobile devices to make payments more often if they received retailer incentives.

Payvia Signs New Direct-Billing Clients Including Skype - April 29, 2013
Online careers community Bright, social video provider OnCam and VOIP pioneer Skype now are using payvia’s platform enabling their customers to charge their purchases to a mobile phone bill.

Bank Closes Bitcoin Exchange Account - April 25, 2013
Capital One Financial Corp. last week closed the bank account of Bitfloor, forcing the Bitcoin exchange to shutter its doors.

ControlScan Helps Small Businesses in Australia with PCI Compliance - April 25, 2013
Brisbane-based Bridge Point Communications, which provides information security services to merchant and acquirer clients, said it will integrate ControlScan’s PCI 1-2-3 compliance solution for smaller businesses.

ZooZ Nets $2 Million in New Financing - April 25, 2013
The company said it will use the proceeds of the financing to “add new product functionality, increase traction with retailers, solidify new partnerships, and otherwise build its presence” in the global payments market.

Vantiv Offers Merchant Services to CertusBank Customers in Southeast U.S. - April 25, 2013
Under a new agreement, the Cincinnati-based processor will provide debit- and credit-card processing for CertusBank merchant clients.

MCX Chooses Gemalto to Build Mobile Wallet, Barcode at POS - April 22, 2013
Last week’s announcement indicated, at least initially, the MCX wallet will work at the POS via barcodes and that it will be cloud-based.

PayPal Q1 Revenue Up 20% - April 22, 2013
PayPal parent eBay reported first-quarter earnings late last week and said payment volume processed by the unit rose 22 percent from the same period a year earlier to $41 billion. Revenue also increased, up 20 percent year-over-year to $1.5 billion.

China Close to Mobile Payment Standard - April 22, 2013
China reportedly has drafted a national mobile payment standard and could announce it within a year.

Moneris, LightSpeed Partner to Enable Omnichannel Retailing in Canada - April 22, 2013
Under the agreement, LightSpeed will integrate Moneris’ processing technology into its enterprise mobile and POS retail management tools for retailers in Canada.

Amazon Seeks Patent for ‘Anonymous Mobile Payments’ - April 18, 2013
Being able to make payments via mobile device without divulging personal financial details could allay consumers’ security fears, one of the obstacles the technology still must overcome to ensure widespread adoption.

MasterCard to Develop E-Commerce Products with China CITIC Bank - April 18, 2013
The Purchase, N.Y.-based card network signed a strategic agreement with China CITIC Bank to develop and promote products for e-commerce including virtual payment card technology and QR code services.

Fiserv Rebrands Debit Network - April 18, 2013
Global banking technology provider Fiserv said this week that it has renamed its debit network Accel.

Zipmark Enables Digital Checks - April 18, 2013
Zipmark, a New York City-based startup enabling businesses that typically accept paper checks to accept e-checks online and via mobile, has partnered with Rearden Commerce to enable B2B online payments.

Judge: Interchange Settlement Opponents Disseminating ‘Bad Information’ - April 15, 2013
Judge ruled Websites encouraged retailers to opt out of the settlement without fully explaining the consequences.

MasterPass Launches in Canada - April 15, 2013
Several merchants in Canada already have enabled MasterPass checkout on their Websites including Porter Airlines, WagJag, Jaunt.ca and Grocery Gateway.

Elavon, Santander to Offer Merchant Services in Spain - April 15, 2013
Elavon, a subsidiary of U.S. Bancorp, will own 51 percent of a new joint venture with Santander controlling the remaining 49 percent.

WorldPay Secures Billion-Dollar Loan, Puts U.S. Business on the Block - April 15, 2013
The company also said it has received permission from lenders to look for a buyer for its U.S. division, which accounts for a third of its total business.

Online Payments Contribute to ACH Growth - April 11, 2013
The rise in online payments made via ACH was one of the main contributors to the overall growth of the network, along with an increase in native electronic payments and the expanding use of ACH credit payments.

CyberSource Plants a Flag in France - April 11, 2013
The antifraud technology provider said this week it has opened an office in Paris to bring its fraud management solution to French merchants.

Adyen Partners with Magento in Brazil - April 11, 2013
The Adyen Payment Module enables Magento merchants in Brazil to leverage installment payments and Portuguese language functionality.

Taiwanese MNO Launches Mobile Payments - April 11, 2013
Chunghwa Telecom reportedly will introduce a mobile payment scheme this June that leverages QR codes at the point of sale.

Online Store Aims to Prove Value of Bitcoins - April 8, 2013
The range of merchants that accept Bitcoins is expanding and, recently, an online electronics store that accepts only the virtual currency opened its virtual doors.

Mozilla Testing a Common API for Online Payments - April 8, 2013
The group said it has implemented an experimental JavaScript API into its new Firefox OS for smartphones that will make online payments for PC and mobile devices easier and more secure.

Irish PSP Chooses IdentityMind Merchant Underwriting and Antifraud Services - April 8, 2013
Antifraud technology provider IdentityMind late last week said it has been chosen by CommerceGate as the Dublin, Ireland-based PSP’s risk management platform.

Bango Reaches 100 Connections Worldwide - April 8, 2013
The company reached the milestone when it connected Telefónica subscribers in Colombia with the BlackBerry World app store.

LevelUp CEO: ‘We Aren’t Running Out of Cash’ - April 4, 2013
Boston-based mobile payments and loyalty provider LevelUp could be struggling for cash, despite closing on the second half of a $21 million round only eight months ago, according to a published report citing former employees and VCs.

Report: Mobile Sales to Surge, Adoption Varies by Retail Segment - April 4, 2013
Results of a new survey find mobile revenue will grow substantially, but projections about how much and how they are addressing fraud in the channel vary substantially between retail segments.

ReD Brings Fraud Prevention to FIS Customers in LAC Region - April 4, 2013
London-based fraud-prevention technology company ReD has been chosen by FIS to deliver antifraud services to the banking technology giant’s financial institution clients in Latin America and the Caribbean.

Flipkart Chooses CyberSource for International Online Payments - April 4, 2013
The agreement will protect card transactions originating outside India with CyberSource’s Decision Manager fraud-fighting tool.

Dwolla, WorldPay Serve up Customers Some Down Time - April 1, 2013
Online payments startup Dwolla and gateway provider WorldPay each experienced service outages last week.

MasterCard, Alibaba Look ahead at E-Commerce - April 1, 2013
An agreement between the U.S. card network and Chinese e-commerce solutions providers eventually will lead to cooperative ventures in cross-border payments, acceptance, security and more.

Digital River Opens Unbanked Market to its E-Commerce Merchants - April 1, 2013
the e-commerce platform provider made it easier for consumers without a credit or debit card to buy online when it announced merchants using its solution can offer virtual voucher paysafecard as an online payment method.

PayZang Processes Checks for CNP Payments - April 1, 2013
PayZang, a Utah-based startup enabling e-commerce merchants to offer ACH payments online, has launched a product aimed at high-risk merchants that want to accept card-not-present payments by check.

Advertise with us:

Sign Up Today Free

Receive the twice weekly CNP Report and monthly feature articles providing in-depth examinations of global CNP issues.

Please take a moment and register.
* First Name:
* Last Name:
* Password:
* Confirm Pwd:
* Email:
* Category:
Company:

CNP Archive

Researching companies or people in the CNP industry? Search our past coverage for targeted news and information.

Search here