Protecting credit card information: encryption vs tokenisation
✍ Scribed by Luther Martin
- Book ID: 104392828
- Publisher: Elsevier Science
- Year: 2010
- Language: English
- File size: 326 KB
- Volume: 2010
- Category: Article
- ISSN: 1353-4858
✦ Synopsis
The Payment Card Industry Data Security Standard (PCI DSS) requires the protection of cardholder data [1]. This includes credit card numbers and perhaps other information such as a name, expiration date or service code, if this additional information is stored with a credit card number.
The most common ways to protect cardholder data are encryption and tokenisation. These technologies are very similar: they both replace sensitive information with modified data from which it's improbable that an adversary could recover the sensitive information. Both technologies provide good protection for the information that they protect. And the security that each technology provides is limited by system-level issues rather than by the technology itself.