PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for companies that handle credit cards, intended to reduce credit card fraud. The PCI standard is mandated by the major credit card companies but administered by the PCI Security Standards Council. Validation of compliance with the PCI standard is routinely performed either by Self-Assessment Questionnaire (SAQ), by an external Qualified Security Assessor (QSA), or by a firm-specific Internal Security Assessor (ISA).

The PCI Standard has 12 requirements for compliance, organized into 6 groups:

Build and Maintain a Secure Network and Systems

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Control Measures

Regularly Monitor and Test Networks

Maintain an Information Security Policy


Tokenization is a security measure that replaces sensitive data, such as credit card numbers, with substitute symbols that stand in for the sensitive information without compromising its security. Tokenization is used to protect credit card and bank account information handled by payment processors. Instances where tokenization is used include online purchases (eCommerce), mobile wallets like Apple Pay or Android Pay, and businesses that keep a customer’s credit card on file.
The symbols that replace the sensitive information are the “token”. The token is what gets exposed to downstream systems, while the sensitive data itself is stored in a secure Token Vault.
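
As an added illustration (not part of the original page), the following Python sketch shows the vault model described above: a random, format-preserving token is handed out in place of the card number, the card number itself lives only in the vault, and tokens are generated to fail the Luhn check so they can never be mistaken for a real card number. The in-memory dict standing in for the vault and the 4111 1111 1111 1111 test number are constructed stand-ins, not anything from the page.

```python
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Toy token vault: the only place a PAN (card number) is stored.

    Production vaults are separately secured, access-controlled systems;
    an in-memory dict is used here only so the example runs stand-alone.
    """

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}  # same card -> same token

    def tokenize(self, pan: str) -> str:
        """Return a format-preserving token for a 13-19 digit PAN."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]      # card on file: reuse token
        while True:
            # Random digits (secrets, not random) plus the real last four, so
            # receipts still show "ending in 1111" but the rest of the PAN
            # cannot be recovered from the token without the vault.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject tokens that collide or that pass Luhn, so a token can
            # never be mistaken for (or charged as) a real card number.
            if token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Exchange a token for the PAN; only the vault can do this."""
        return self._token_to_pan[token]
```

Anything outside the vault (order database, logs, support tooling) holds only the token, which is what keeps those systems out of the sensitive part of the card-data environment.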

Here are some of the benefits of tokenization:

It is more compatible with older technology than encryption

It doesn’t use as many resources as encryption

It reduces the risk of exposing information in a data breach

It enhances customer trust in purchasing by increasing security and convenience

It reduces the steps required for PCI compliance