Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

A Guide to Tokenization

September 13, 2011 | No comments | Tokenization

Written by: admin

By Michael Ryan

Over the past month, there has been a great deal of discussion about tokenization.  The PCI Council released much awaited guidelines in early August and while many questions were answered both vendors and merchants asked for more clarity.

If you haven’t done so yet, take a look at the tokenization buyers guide that was developed by Walter Conway.  The guide provides an unbiased and technology-neutral look at tokenization.  It addresses how tokenization may reduce a merchant’s PCI scope and offers methods on how to evaluate alternative vendor products. Merchants can view this buyer’s guide along with the guidance from the PCI Council to determine what solution is best for their environment.

Now, there are certain areas within the guide that I didn’t necessarily agree with.  In particular, the subject of token collision or exhaustion that may exist with some format preserving tokenization solutions as well as processing delays that may arise from card-based tokenization methodologies.

Each of Merchant Link’s clients has tens of billions of tokens available to them to make the issue of collision or exhaustion near impossible. We also process billions of card-based tokenization transactions each year with no noticeable delay in processing speed. As Conway suggests merchants should be aware of these issues and discuss them with their prospective vendor.

Conway also offers an excellent checklist within the document that we believe every merchant should use when considering which solution to employ.  If you haven’t checked it out yet and you are considering a tokenization solution, I highly recommend it.

Write a Comment