Different solutions with different levels of security can be developed with the use of tokens. Systems can be modified by replacing the data they hold with tokens, which further reduces the need to implement PCI DSS requirements.
Tokenisation is a relatively simple technology that enables payment application vendors, processors and merchants to enjoy the highest possible levels of security without expending a lot of resources. It allows both merchants and vendors to comply with the Payment Card Industry Data Security Standard. The technology, which was introduced to the industry in August of 2005, is freely available and is relatively easy to implement.
PCI DSS states that cardholder data cannot be stored after the transaction has been authorized, but merchants needed a way to spare consumers from re-entering data when transactions are repeated on the same accounts. Tokenisation protects customer data, while the merchants, providers, and processes remain compliant.
There are several methods that can be used for generating tokens, and there are an equally large number of ways that the process can be implemented.
The purchase transaction proceeds as usual. The payment card is swiped, and the data is encrypted and transferred to the processor. If the transaction is approved, the data is converted to a token, which is a randomized string of 16 characters that represents the payment card data. Only the tokens can be stored in place of the data to remain compliant with the Payment Card Industry standard.
There are a few important keys for successful implementation of tokens as it pertains to PCI DSS.
• The need to validate and maintain compliance with PCI DSS is not eliminated, but it is simplified by a reduction in the number of components that are normally required.
• It is still necessary to verify that the tokenisation process is effective, and that includes rigorous testing to ensure that PII cannot be retrieved from the components that are out of the scope of the PCI DSS.
Tokenisation transfers the liability for protecting the payment card data to the gateway, where it should be. The process is not patented and is readily available for implementation, with a few minor changes required for existing POS and PMS systems.
• The system must be protected by robust controls, security and monitoring procedures that ensure continued efficacy.
The token remains alive and is stored in the Point of Sale system after the transaction is completed, and it can support repeated incremental authorizations to the same account. The token represents a specific payment card transaction and data that is translated and sent to the processor, who returns an authorization code. The code is now transformed into a token and is sent to the merchants with an approval code. The entire process can be completed without the storage or transfer of sensitive payment card information.
• As the system can be different for different applications, a thorough evaluation and risk analysis must be performed to identify any unique characteristics of the process.
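The flow and the verification step described above, as an added example that is not from the original article or from any vendor's code: a hypothetical gateway vault swaps an approved card number for a random 16-character token, and a scan checks merchant-side records for anything that still looks like a card number. The class and function names, the token alphabet and the sample records are assumptions made for illustration.

```python
import re
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumed token alphabet
# A 13-19 digit run that is not embedded in a longer alphanumeric string.
PAN_RE = re.compile(r"(?<![0-9A-Za-z])\d{13,19}(?![0-9A-Za-z])")

def luhn_valid(number: str) -> bool:
    """Card-number checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class GatewayVault:
    """Hypothetical gateway-side vault: the only place the card number lives."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        while True:
            token = "".join(secrets.choice(ALPHABET) for _ in range(16))
            # Skip all-digit tokens (could pass for a card number) and collisions.
            if not token.isdigit() and token not in self._pan_by_token:
                self._pan_by_token[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]  # KeyError for unknown tokens

def find_pans(records):
    """Return records from a merchant-side store that still hold a card number."""
    return [r for r in records
            if any(luhn_valid(m) for m in PAN_RE.findall(r))]

if __name__ == "__main__":
    vault = GatewayVault()
    token = vault.tokenize("4111111111111111")  # constructed test number
    pos_records = [  # constructed sample of what a POS database might hold
        f"order=1001 token={token} amount=25.00",
        "order=1002 card=4111111111111111 amount=10.00",  # leak to be flagged
    ]
    print(find_pans(pos_records))
```

Each call to `tokenize` issues a fresh token, matching the article's description of a token that represents a specific transaction; the mapping back to the card number never leaves the vault.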