Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain

    Date24 Jun 2010
    Posted ByAnthony Pell
    Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit credit card number with an encryption algorithm to card-based tokens, which substitute a random token with the hope that it could reduce the scope of a PCI DSS assessment. Robert Griffin, technical director at RSA, the security division of EMC Corp., has been the lead architect in a number of encryption and tokenization projects. In this interview, Griffin, a recognized encryption expert and co-chair of the OASIS Key Management Interoperability Protocol Technical Committee, talks about why RSA's approach to protecting credit card data -- using card-based tokens -- is the most effective way to protect sensitive credit card data from cybercriminals. The security vendor recently released a white paper,Secure Payment Services: Credit Data Security Transformed outlining its position on the technology.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.