Visa reveals global best practices for card data tokenization

Thursday 15 July 2010 11:38 CET | News

Visa has released a series of guidelines concerning the best practices for tokenization. The guide is set to help merchants, vendors, service providers and acquirers reduce or eliminate sensitive card data from payment systems as well as simplify data security and compliance efforts.

The guidelines focus on a series of key areas such as proper generation of tokens and the management of historical data. According to the guide, an effective tokenization process should take into account previous components such as token generation, token mapping, card data vault and cryptographic key management. Moreover, for a complete prevention of fraud attack incidents, further sensitive authentication data such as full contents of the magnetic strip, CVV2, PIN and PIN block should never be stored after the authorization, the same study has pointed out.

In 2009, Visa published the Visa Best Practices for Data Field Encryption, a study dealing with the protection of cardholder information and limitation of the clear-text availability of cardholder data and sensitive authentication data. Visa recommended within the guide that entities should consider using tokens (such as a transaction ID or a surrogate value) to replace the PAN for use in payment-related business purposes other than payment acceptance.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Visa, tokenization, token generation, token mapping, card data vault, cryptographic key management
Categories: Payments & Commerce | Cards
Countries: World
This article is part of category

Payments & Commerce