White Paper: Where the PCI Council Got It Wrong on Tokenization

Dec. 19, 2011

Prime Factors, a Eugene, Ore.-based data security company, recently responded to the August publication of the PCI DSS Tokenization Guide with a white paper of its own that attempted to address what it calls the shortcomings of the PCI document. Tokenization Guidance: How to Reduce PCI Compliance Costs, licensed by Prime Factors and completed by research firm Securosis, said the PCI Tokenization Guidance doesn’t answer the central question it purports to examine: How does tokenization alter PCI compliance? “They released ‘guidelines’ which are lacking in guidance,” the authors said. Prime Factors said the paper helps the merchants determine what is in or out of scope and provides audit advice and a tokenization audit checklist for how PCI requirements apply to systems that use tokenization. “Given that tokenization offers better security, simplifies data storage security, and makes audits easier, it’s baffling that the [PCI] Council failed to offer clear advice that would encourage adoption,” the paper concluded. “Discovering what’s missing from the official guidelines—usually only discovered after purchasing a product and coming to grips with how it really works—is no recipe for success. To request a copy of the white paper click here.


  • CNP Fraud Attempts up 30% in 2015, EMV to Blame? - Nov. 19, 2015
    CNP Fraud Attempts up 30% in 2015, EMV to Blame?

    The volume of fraud attempts rose 30 percent from 2014 to 2015, lending support to concerns that the transition to EMV in the U.S. will shift fraud for retailers from in-store counterfeit fraud to card-not-present fraud, according to a new analysis from ACI Worldwide.

  • Square Sets Expectations for IPO - Nov. 9, 2015
    Square Sets Expectations for IPO

    Square, a pioneer for small-merchant credit-card acceptance, said it expects a price range for its initial public offering of between $11 and $13 per share, which would yield a top-end valuation of $4.2 billion, according to an SEC filing.

  • Startup Betting on Better Passwords - Nov. 2, 2015
    Startup Betting on Better Passwords

    While biometrics are gaining momentum as the next wave in authentication technology, an Athens, Ga.-based startup says passwords aren't going anywhere and that it has developed a more secure way to leverage them for online payments or account opening.

  • EC Seeking Feedback on Cross-Border VAT Rules - Oct. 1, 2015
    EC Seeking Feedback on Cross-Border VAT Rules

    The European Commission (EC) is inviting businesses, industry groups and members of the public from around the world who engage in European cross-border e-commerce to help identify ways to simplify the Value-Added Tax (VAT) on those kinds of transactions.




Sign Up Today Free

Receive the twice weekly CNP Report and monthly feature articles providing in-depth examinations of global CNP issues.

Please take a moment and register.
* First Name:

* Last Name:

* Password:

* Confirm Pwd:

* Email:

* Category:





CNP Archive

Researching companies or people in the CNP industry? Search our past coverage for targeted news and information.

Search here