First Data

Visa has issued tokenization best practices , and our industry colleague, Rob McMillon at RSA, has provided some initial feedback on what is contained within the best practices. In addition, both First Data and RSA discussed industry standards in recent posts a few weeks ago.

I think it is an important conversation for the industry to have, and as Rob states, “standards tend to be easy to add to, but practically impossible to subtract from”. Visa labels its tokenization best practices as version 1.0, so I anticipate that this is just a starting point in developing future standards. Visa opened the discussion up to the industry by soliciting feedback on the best practices by August 31, 2010. I encourage you to provide your feedback, so we can help develop industry standards. E-mail your comments to inforisk@visa.com with “Best Practices for Tokenization” in the subject line.

We see tokenization as an important component in protecting merchants and their customers from data breaches. We are excited to help influence the future of this technology and its use in a merchant environment.