This page contains a Flash digital edition of a book.
NEWS 09


Security Standard (PCI DSS) has released its fi rst guidance on the use of tokenisation technologies in the payment process. The PCI Security Standards Council (SSC) has published The PCI DSS Tokenisation Guidelines Information Supplement to help merchants how tokenisation solutions may ease PCI DSS compliance efforts. Tokenisation replaces a credit or


PCI TOKENISATION GUIDELINES RELEASED T


he industry standards body in charge of managing the Payment Card Industry Data


he said. “The guidelines record the process by which merchants can simplify the security of their cardholder data environment. When you consider the inclusion of encryption technologies, there are quite a few different tokenisation approaches available in the market today.”


debit card’s 16-digit Primary Account Number (PAN) with a surrogate value called a ‘token’. Specifi c to PCI DSS, this involves substituting sensitive PAN values with non-sensitive token values. Jeremy King European PCI Security Standards Council director, told Retail Technology that the new guidelines was a starting point for discussions about how a properly implemented tokenisation solution can reduce or remove the need for a merchant to retain PAN in their environment once the initial transaction has been processed.


“It introduces the subject formally and sets a base level of guidance,”


As with many evolving technologies, there is currently a lack of industry standards for implementing secure tokenisation solutions in a payment environment. “We wanted to make sure we did not restrict this emerging business, but that we supported merchants, vendors, acquirers and QSAs [qualifi ed security assessors],” King added. “


But he stressed that merchants are


ultimately responsible for the proper implementation of any tokenisation solution they use, including its deployment and operation, and validation of its tokenisation environment as part of their annual PCI DSS compliance assessment.


Like the point-to-point encryption guidelines released last year (September/October 2010 Retail Technology), the Council created its tokenisation guidance with members of its Scoping Special Interest Group (SIG). “They don’t change the standards, they discuss methods of taking data out of scope,” he added. This newest guidance can be found in the Council’s online document library, which holds research, guidance and supplemental insight into topics that can aid ongoing PCI security programmes. King also urged merchants to


get involved in the guideline review process. “We’re expecting a good turnout at our community meeting in London this October, including the Scoping SIG,” he said. “So merchants will be able to ask tokenisation experts questions and get involved in ongoing discussions.”


◆ Secure customer interactions specialist The Logic Group has partnered with Semafone to offer a new way to reduce costs and risk in card transactions by taking payment environments out of scope for the Payment Card Industry Data Security Standard (PCI DSS). The partners manage card data taken via contact centre or e-commerce channels and host it externally in a PCI approved and compliant environment.


Tyco Retail Solutions, a global provider of retail performance and security solutions sold through ADT and authorised business partners worldwide, has announced the recent success of its Source Tag Recirculation programme, designed not only to help retailers improve supply


chain and selling fl oor effi ciency but also improve profi ts. Currently embraced by seven top global apparel retailers, the programme enables retailers to buy only the tags they need, and receive credits promptly when the tags are returned for recirculation, while Tyco bears all the hard tag inventory risk.


JULY/AUGUST 2011 RETAIL TECHNOLOGY


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40