In order to reduce ongoing Payment Card Industry Data Security Standard (PCI DSS) assessment costs, organizations are constantly seeking ways to reduce the scope & cost of their PCI DSS assessments. However, they also need to ensure that the pci compliant security technology solutions they choose adequately protect customers' sensitive credit card (PAN data) information from ever-changing internal and external threats that may damage their brand via data breaches. At its most basic level, card data tokenization reduces an enterprise's PCI scope by replacing PAN data with strings of random numbers or characters. The enterprise then uses these tokens in its systems in lieu of PANs for backoffice applications such as sales analysis, payment processing, or customer relationship management.
Implementation solutions include outsourced tokenization via service providers, but this approaches loses control over ownership of valuable business data, introduces 3rd party risk/lock-in, and has added costs through recurring fees. Point-to-point encryption is another viable solution where the entirety of the transaction is encrypted but this brute force solution is often impractical due to PKI key management and other heavy weight changes that must be applied to each target application. Internal tokenization, where the enterprise owns and manages its own solution has emerged as the best practice approach.
Intel provides the industry's only in line security gateway broker that applies data protection through tokenization for data sent to back-end applications. The use of a proxy minimizes application changes by performing data protection on the application payload rather than coded in to the application itself. The broker sits between incoming sensitive data and communicates with back-end systems over standard protocols. It protects data on the wire before it hits the application architecture and acts as a central point for decryption and de-tokenization.