PCI Tokenization Services

The old way:

Segmentation

While not required by PCI DSS Standards, network segmentation—keeping all the servers and systems that touch credit card data in their own network segment—is strongly recommended. It keeps the majority of your network out of scope for PCI compliance and minimizes your compliance headache by reducing risk, reducing assessment scope and cost, and reducing the difficulty of implementing and maintaining PCI DSS controls.

The Problems

Ensuring that a system component is properly isolated (segmented) from the CDE is an ongoing, complex effort that eats up resources. Plus, penetration testing must be regularly used to test all segmentation methods to confirm they are operational and effective, and isolate all out-of-scope systems from in-scope systems.

The new way:

Point to Point Encryption

A point-to-point encryption (P2PE) solution cryptographically protects account data—from the moment a merchant accepts payment to the secure point of decryption. By using P2PE, payment card data is unreadable until it reaches the secure decryption environment, which makes it less valuable if stolen.

Tokenization

In data security, Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token that has no extrinsic or exploitable meaning or value.

Tokenization combined with P2PE

Using Tokenization combined with Point-to-Point Encryption Solution completely eliminates scope and the risk of data compromise.