The guidelines focus on a series of key areas such as proper generation of tokens and the management of historical data. According to the guide, an effective tokenization process should take into account previous components such as token generation, token mapping, card data vault and cryptographic key management. Moreover, for a complete prevention of fraud attack incidents, further sensitive authentication data such as full contents of the magnetic strip, CVV2, PIN and PIN block should never be stored after the authorization, the same study has pointed out.
In 2009, Visa published the Visa Best Practices for Data Field Encryption, a study dealing with the protection of cardholder information and limitation of the clear-text availability of cardholder data and sensitive authentication data. Visa recommended within the guide that entities should consider using tokens (such as a transaction ID or a surrogate value) to replace the PAN for use in payment-related business purposes other than payment acceptance.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now