Friday, 14 June 2013

Tokenisation Makes Compliance Easier

Tokenisation is used in the Payment Card Industry to protect sensitive and confidential cardholder information. Since the actual data is not stored, but replaced by the token, merchants and processors remain compliant with the PCI DSS while adhering to regulation as stipulated by the government.
Since compliance with PCI DSS stipulates the recording but not the storing of sensitive data, such as PII or Personal Account Numbers, a solution was needed for merchants and handlers to take advantage of the convenience of processing multiple transactions against the same invoice, as in the case of hotel accommodations, restaurants, auto rentals or recurring billing.

The tokens can be represented in many different ways. Some applications and providers will create token strings that may be the same length as the original data. In some cases, the token may contain some of the same elements as the original, such as the last four digits of the telephone or bank card number.


When requests for verification are sent for authorization of the transaction, a token may be returned along with the authorization code instead of the credit card number. The token can be stored in the system, while the actual data associated with the cardholder is secured in a token storage system that complies with PCI standards.

The process of tokenisation was introduced to the financial industry in August of 2005, and it allows merchants to substitute sensitive data with non-decryptable strings called tokens. Tokenisation has now been adopted to safeguard sensitive information such as driver's licenses, loan applications, bank accounts, criminal and medical records and other types of Personally Identifiable Information.

Tokenisation is a cost-effective method of protecting data, and it complies with the required PCI standards. It is now a bit more difficult for hackers to gain illegal access to cardholder data that is stored outside of the token storage system. Compliance with PCI DSS is now a much simpler process, as the systems in which the sensitive data is represented by tokens are not included in PCI audits.


Implementation of tokenisation is not a difficult process. Small changes are required in the Point of Sale and merchandising processes: the ability to store the token, as well as to make the request, is needed. The tokens can easily be stored in the same field as the card number. Because the token can contain the last four digits of the bank or credit card number, very little modification is needed, as both the PMS and POS reports will still be fully functional and representative. The implementation is a seamless process that can be completed with pending sales or tickets that are still open.

Tokenisation can be used to reduce the inherent risks involved with storing sensitive data such as credit or payment card information. The process is similar to the end-to-end encryption process that is used when sensitive data is transferred; however, it is applied when data is stored.
