The whitepaper quoted a PCI Security Standards Council press release on tokenization in which Bob Russo, General Manager of the PCI SSC, said that tokenization should be implemented as an additional PCI DSS 'layer'. The tokenization whitepaper took issue with this, arguing that tokenization should be sanctioned instead of encryption, rather than as yet another layer of protection that the retailer could optionally implement. The inconvenient reality is that the PCI Security Standards Council runs the standard, and it is they who define the PCI DSS, not any vendor of specialist security point products. Furthermore, I would say the statement above is plainly wrong where it says 'it is not about layering', because the PCI DSS, and security practice in general, is most definitely about layering!
The reason the PCI DSS is generally viewed as so prescriptive and overbearing in the amount of security procedure it demands is that card data theft occurs on a daily basis. More relevant still, the threat is polymorphous: card data theft can be caused by clever hackers, by malware or cross-site scripting, if not by card skimming using counterfeit PEDs (PIN entry devices).
So what is the alternative? Tokenization will not help if it is targeted by malware, if it gets switched off, if it falls foul of a Windows patch, or if it is simply bypassed by a card; nor will it protect against an unintentional or malicious internal breach. In summary, tokenization is undeniably a good security measure for protecting cardholder data, but it does not remove the need to implement all PCI DSS measures. There never has been, and there IS NO SILVER BULLET, when it comes to security. In fact, the only practical way to address card data theft is layered security, managed continuously with strict checks and balances. What PCI merchants need now, and will continue to need in future, is quality, proven PCI solutions from a specialist with a long track record of practising the art of layered security, combining multiple security areas to protect against external and internal threats: for example, sound change management and file integrity monitoring feeding a SIEM, to provide the constant vigilance essential for tight data protection.
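As an added illustration of the file integrity monitoring layer mentioned above (example code written for this page, not NNT's product or any PCI SSC material): it baselines a directory tree with SHA-256, reports added, deleted and modified files, and emits each event as a JSON line a SIEM can ingest. The sample config files and the "tokenization=off" change in `demo()` are constructed for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each file under root (relative POSIX path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Return change events for files that were added, deleted or modified."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            events.append({"path": rel, "change": "deleted"})
        elif rel not in baseline:
            events.append({"path": rel, "change": "added"})
        elif baseline[rel] != current[rel]:
            events.append({"path": rel, "change": "modified"})
    return events

def siem_lines(events):
    """One JSON object per line: the shape most SIEMs accept over syslog/HTTP."""
    return [json.dumps({"source": "fim", **e}, sort_keys=True) for e in events]

def demo():
    """Constructed sample: a small config tree, baselined, then changed."""
    with tempfile.TemporaryDirectory() as root:
        cfg = Path(root) / "etc"
        cfg.mkdir()
        (cfg / "app.conf").write_text("tokenization=on\n")
        (cfg / "hosts.allow").write_text("10.0.0.0/8\n")
        baseline = build_baseline(root)
        # Simulated unauthorised changes: tokenization switched off (the failure
        # mode the text warns about), a file removed, an unexpected file added.
        (cfg / "app.conf").write_text("tokenization=off\n")
        (cfg / "hosts.allow").unlink()
        (cfg / "unexpected.txt").write_text("not in baseline\n")
        return compare(baseline, build_baseline(root))
```

Calling `demo()` returns the three change events; `siem_lines(demo())` turns them into the lines you would forward to the SIEM, where a rule on `"change": "modified"` against the tokenization config is the alert the text argues for.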
NNT is a leading provider of general security and PCI DSS compliance solutions. As a security services provider and a PCI DSS compliance software vendor, we are steadfastly focused on helping organizations protect their sensitive information against network breaches and security risks in the most cost-effective way. NNT solutions are straightforward to use and offer exceptional value, making it affordable and simple for organizations of any size to attain and maintain compliance on a continuous basis. Each product has the guidelines of the PCI DSS at its heart, which can then be tailored to meet any external compliance initiative or internal best practice.