six_ways_to_reduce_pci_dss_audit_scope_by_tokenizing_cardholder_data_33194


SANS Institute InfoSec Reading Room

This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Copyright SANS Institute. Author Retains Full Rights.

A NUBRIDGES WHITE PAPER

Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data

Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success.

Compliance with the PCI DSS is a combination of documented best practices and technology solutions that protect cardholder data across the enterprise. This paper explores the use of tokenization as a best practice in improving the security of credit card transactions, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.

White Paper: Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data | www.nubridges.com | 2009 nuBridges, Inc. All rights reserved.

Introduction

The scope of PCI DSS compliance for any organization is significant both in terms of effort and cost. In a PCI DSS audit, all systems, applications and processes that have access to credit card information, whether encrypted or unencrypted, are considered in scope. The October 2008 update of the PCI DSS documentation (version 1.2) states that companies can reduce the PCI DSS audit scope using network segmentation to isolate the cardholder data in a secure segment. From an application perspective, tokenization functions similarly to network segmentation. These are complementary, not either/or, approaches for organizations to consider as they map out their data protection and compliance strategies.

The Payment Card Industry Data Security Standard, Version 1.2:

Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of the corporate network is not a PCI DSS requirement. However, it is recommended as a method that may reduce:

- The scope of the PCI DSS assessment
- The cost of the PCI DSS assessment
- The cost and difficulty of implementing and maintaining PCI DSS controls...