
{"id":1573,"date":"2011-09-07T00:00:00","date_gmt":"2011-09-07T00:00:00","guid":{"rendered":"http:\/\/otava.test\/simplifying-pci-compliance-with-tokenization\/"},"modified":"2011-09-07T00:00:00","modified_gmt":"2011-09-07T00:00:00","slug":"simplifying-pci-compliance-with-tokenization","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/","title":{"rendered":"Simplifying PCI Compliance with Tokenization"},"content":{"rendered":"<p>What\u2019s the latest update on PCI DSS compliant standards? After little to no changes for years, save the <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\">virtualization update<\/a>, the PCI Security Standards Council (PCI SSC) recently published a document on new technical standards that impact PCI DSS compliance, the <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/Tokenization_Guidelines_Info_Supplement.pdf\">PCI DSS Tokenization Guidelines Information Supplement<\/a>. Recognizing tokenization as a way to reduce the scope of PCI DSS, the council\u2019s guide outlines how to stay <a href=\"https:\/\/index.php\/?option=com_k2&amp;view=item&amp;id=214&amp;Itemid=208\">PCI compliant<\/a> while using a tokenization system in a <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/pci-glossary-of-terms#Cardholder%20Data%20Environment\">cardholder data environment<\/a> (CDE).<\/p>\n<p>To reduce the storage of sensitive <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/pci-glossary-of-terms#Cardholder%20Data\">cardholder data<\/a> (CD), tokenization replaces a <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/pci-glossary-of-terms#Primary%20Account%20Number%20(PAN)\">Primary Account Number<\/a> (PAN) with a \u201ctoken\u201d value. These token values are not sensitive. 
As an alternative to <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/pci-glossary-of-terms#Encryption\">encryption<\/a>, the complete replacement of PANs offers a different security method for many companies that conduct credit card transactions.<\/p>\n<p>Merchants no longer need to store the PAN in their CDE or processing system because a non-sensitive token value takes its place. Tokenization ensures that sensitive information is never transmitted to a third-party outsourcing provider in any coded (encrypted) form.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/simplifying-pci-compliance-with-tokenization\/tokenization\/\" rel=\"attachment wp-att-2787\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2787\" title=\"tokenization\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\" alt=\"\" width=\"558\" height=\"435\" \/><\/a><\/p>\n<p><strong>Example of High-Level Tokenization Process <\/strong>(Source: PCIsecuritystandards.org)<\/p>\n<p>The PCI SSC tokenization guide gives an example of a high-level tokenization process, although it acknowledges that others are possible. The steps include:<\/p>\n<ol>\n<li>The requesting application passes a PAN with authentication information to a tokenization system.<\/li>\n<li>The tokenization system verifies the authentication information. If verification fails, the tokenization process stops and information is logged. If verification succeeds, the system continues.<\/li>\n<li>The tokenization system generates a token associated with the PAN to record to the card data vault.<\/li>\n<li>The token is returned to the requesting application.<\/li>\n<\/ol>\n<p>While tokenization limits PCI scope, there are still PCI security requirements, as the council outlines. 
Authentication and limited access still apply, as well as monitoring, tracking and logging to detect unauthorized activity.<\/p>\n<p>The PCI SSC recommends that tokenization be used in partnership with PCI data security standards and not viewed as a replacement or alternative. The council is merely providing more guidance on using a method to advance the security of the merchant CDE.<\/p>\n<p>The best advice for managing a PCI compliant environment is to reduce the scope of the CDE. By limiting the system components that store and process sensitive customer data, e-commerce and other merchants that process credit card information make PCI compliance much simpler to achieve.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What\u2019s the latest update on PCI DSS compliant standards? After little to no changes for years, save the virtualization update, the PCI Security Standards Council (PCI SSC) recently published a document on new technical standards that impact PCI DSS compliance, the PCI DSS Tokenization Guidelines Information Supplement. Recognizing tokenization as a way to reduce the scope of PCI DSS, the council\u2019s guide outlines how to stay PCI compliant while using a tokenization system in a cardholder data environment (CDE). To reduce the storage of sensitive cardholder data (CD), tokenization replaces a Primary Account Number (PAN) with a \u201ctoken\u201d value. These token values are not sensitive. Instead of encryption, the complete replacement of PANs can provide a different security method for many companies that conduct credit card transactions. Merchants no longer need to store PAN in their CDE or processing system because a non-sensitive token value subsequently takes its place. Tokenization ensures that sensitive information is never transmitted to a third-party outsourcing provider in any form of code (encryption). 
Example of High-Level Tokenization Process (Source: PCIsecuritystandards.org) The PCI SSC tokenization guide has an example of a high-level tokenization process although they acknowledge others are possible. The steps include: The requesting application&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1573","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Simplifying PCI Compliance with Tokenization | OTAVA<\/title>\n<meta name=\"description\" content=\"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around tokenization.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Simplifying PCI Compliance with Tokenization\" \/>\n<meta property=\"og:description\" content=\"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around tokenization.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2011-09-07T00:00:00+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Simplifying PCI Compliance with Tokenization\",\"datePublished\":\"2011-09-07T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\"},\"wordCount\":385,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\",\"url\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\",\"name\":\"Simplifying PCI Compliance with Tokenization | 
OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\",\"datePublished\":\"2011-09-07T00:00:00+00:00\",\"description\":\"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around tokenization.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Simplifying PCI Compliance with 
Tokenization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Simplifying PCI Compliance with Tokenization | OTAVA","description":"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around tokenization.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/","og_locale":"en_US","og_type":"article","og_title":"Simplifying PCI Compliance with Tokenization","og_description":"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around tokenization.","og_url":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/","og_site_name":"OTAVA","article_published_time":"2011-09-07T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Simplifying PCI Compliance with Tokenization","datePublished":"2011-09-07T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/"},"wordCount":385,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/","url":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/","name":"Simplifying PCI Compliance with Tokenization | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png","datePublished":"2011-09-07T00:00:00+00:00","description":"PCI Security Standards Council recently published a document on new technical standards that impact PCI DSS compliance around 
tokenization.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/tokenization.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/simplifying-pci-compliance-with-tokenization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Simplifying PCI Compliance with Tokenization"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1573"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1573\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1573"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}