Tokenization is key for meeting PCI compliance

There are many data security measures a company can implement to ensure it meets the requirements of the Payment Card Industry Data Security Standard. Tokenization is one such tool that has proven especially useful, according to a recent Retail Info Systems News report.

Tokenization protects sensitive information by masking it with alias values, or tokens, that are meaningless. That means that if someone accesses payment card data, the information they obtain is useless because it is a random jumble of values. That's unlike encryption, where the protected value is derived from the original by a mathematical formula.

This way, to breach the data, a cyber criminal must hack both the payment card database and the token server in order to access the token lookup table and decipher the information.
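The split described above, as an added example that is not taken from the article or the report it cites. The names `TokenVault` and `build_merchant_db` are hypothetical, the card numbers are constructed test values, and the choice of digit-only tokens of the same length as the card number is an assumption.

```python
import secrets


class TokenVault:
    """Stand-in for the token server: the only place the lookup table lives."""

    def __init__(self):
        self._token_to_pan = {}   # the token lookup table
        self._pan_to_token = {}   # reverse index so one card maps to one token

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random digits from the OS CSPRNG: nothing about the token is
            # computed from the PAN, so there is no key or formula to reverse.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
            if token != pan and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._token_to_pan[token]   # KeyError for unknown tokens


def build_merchant_db(vault, orders):
    """Payment card database as the merchant stores it: tokens only."""
    return [{"order": oid, "card": vault.tokenize(pan)} for oid, pan in orders]


# Constructed sample data (hypothetical orders, widely used test card numbers).
SAMPLE_ORDERS = [(1001, "4111111111111111"), (1002, "5555555555554444"),
                 (1003, "4111111111111111")]

if __name__ == "__main__":
    vault = TokenVault()
    db = build_merchant_db(vault, SAMPLE_ORDERS)
    for row in db:
        print(row)                          # what a database-only breach yields
    print(vault.detokenize(db[0]["card"]))  # recovery needs the token server too
```

The rows in `db` are all that a compromise of the payment card database alone exposes; mapping them back to card numbers requires the vault's lookup table as well.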

According to the report, one national convenience store chain uses tokenization to ease the challenges of meeting PCI compliance. Through tokenization's layered approach, the chain has reduced PCI audit time by 50 percent, lowered maintenance costs and improved data security.

Meeting PCI compliance is a key business need for small merchants, a recent Trustwave report found. The firm revealed that 90 percent of breaches involve Level 4 merchants, which refers to those that process fewer than 20,000 ecommerce transactions annually and all other merchants that process up to 1 million Visa transactions annually.
