Perspective: Data Security Standards with Tokenization and Encryption
A topic brought up earlier this month touched on what data encryption and tokenization will mean for payments industry standards. I would like to build on that by looking at what these standards could look like.
In a recent post on the RSA Speaking of Security blog, Robert McMilon discusses considerations for the payments standards bodies. One in particular that I would like to address is, according to Rob, "standards should not focus on the formatting of the tokens, trying to mandate that tokens conform to a certain number of characters, or the types of characters used."
This is important because the data that comprises a token is random; the token can have the same 16-character format as a credit card number, which is powerful for merchants because it lets them use the token in back-end databases and business applications without modifying those systems. If the token cannot be mapped to the individual cardholder, merchants will lose valuable information such as trends and customer buying behavior.
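To make the two properties above concrete, here is an added example (not code from this post, RSA or First Data) of a vault that issues random 16-digit tokens and returns the same token for the same card, so purchases can still be grouped per cardholder. The names `TokenVault`, `spend_by_token` and `SAMPLE_PURCHASES` are hypothetical, the card numbers are constructed test values, and the in-memory dictionaries stand in for a secured vault service.

```python
import secrets


class TokenVault:
    """In-memory stand-in for a secured token vault (assumption for illustration)."""

    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and len(pan) == 16):
            raise ValueError("expected a 16-digit card number")
        # Same card -> same token, so per-cardholder history survives tokenization.
        existing = self._pan_to_token.get(pan)
        if existing is not None:
            return existing
        while True:
            # The token is random: it is not derived from the card number.
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            # Retry on the rare collision with an issued token or the card itself.
            if token not in self._token_to_pan and token != pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        # Only the vault can map a token back to the card number.
        return self._token_to_pan[token]


def spend_by_token(vault, purchases):
    """Total spend per token: the merchant-side view, with no card numbers stored."""
    totals = {}
    for pan, amount_cents in purchases:
        token = vault.tokenize(pan)
        totals[token] = totals.get(token, 0) + amount_cents
    return totals


# Constructed sample data: (card number, amount in cents).
SAMPLE_PURCHASES = [
    ("4111111111111111", 2500),
    ("5500000000000004", 1200),
    ("4111111111111111", 700),
]
```

Because each token has the same length and character set as the card number it replaces, the merchant-side table keyed by token needs no schema change, and the repeat purchase on the first card still aggregates under one key.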
This is just one of many considerations the standards bodies will be looking at during the coming months. The final output is uncertain, but hopefully First Data and RSA’s collective thoughts will have an impact on what is ultimately developed.
To read more about what future payments standards could look like, visit RSA’s blog, Speaking of Security.