The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for companies that handle credit cards, intended to reduce credit card fraud. The PCI standard is mandated by the major credit card companies but administered by the PCI Security Standards Council. Validation of compliance with the PCI standard is routinely performed by Self-Assessment Questionnaire (SAQ), by an external Qualified Security Assessor (QSA), or by a firm-specific Internal Security Assessor (ISA).
Tokenization is a security protocol for replacing sensitive data, like credit card numbers, with symbols that keep all the sensitive information without compromising security. Tokenization is used to protect credit card and bank account information handled by payment processors. Instances where tokenization is used include online purchases (eCommerce), mobile wallets like Apple Pay or Android Pay, and businesses that keep a customer’s credit card on file.
When the sensitive information is substituted by symbols, those symbols are the “token”. The token then becomes the exposed information, and the sensitive data is stored in a secure token vault.