New PCI DSS tokenization guidelines released

Online merchants and other organizations that need to protect personal data received new PCI compliance guidance late last week, with the release of updated information on tokenization as a security standard.

The PCI SSC announced that the use of tokenization, which substitutes a less-sensitive value for something like a primary account number so that ecommerce sites and similar entities can avoid storing such important data on their servers, should both make organizations more secure and ease PCI compliance tasks.

"These specific guidelines provide a starting point for merchants when considering tokenization implementations. The council will continue to evaluate tokenization and other technologies to determine the need for further guidance and/or requirements," said PCI SSC general manager Bob Russo.

The group noted that the new guidelines do not impose additional requirements for PCI compliance and do not endorse a specific technology.

An increasingly intimidating online threat landscape should ensure that more organizations than ever are cognizant of these new best practices and act to protect themselves from potential attack, according to experts.