July 14, 2010

Visa issues tokenization guidance, clarifies rules around storage of card numbers

Visa on Wednesday released a four-page document that offers best practices for tokenization, the process by which 16-digit credit card numbers are replaced with unique symbols. The guidance is meant to reduce risk for merchants, vendors, service providers and acquiring banks. It covers such areas as detecting suspicious activity so attackers cannot compromise the token system. In addition on Wednesday, Visa, in conjunction with the National Retail Federation trade group, clarified its operating rules around storage of sensitive information. According to the card brand, issuing banks must accept a disguised or truncated card number on transaction receipts for dispute resolution. Also, merchants are permitted to store disguised or truncated card numbers to reduce the amount of data that could be retrieved by attackers. — DK
Related Articles
Related Topics
Related Links

More in News

Google hackers wanted to know which Chinese intel operatives were being watched

Attackers who raided Google in 2010 to learn information about Chinese human rights activists were also trying to gain insight on which Chinese intelligence agents were on the radar of U.S. authorities, according to a report.

California law would require breach notice if online account information is stolen

The new legislation would amend the definition of "personal information" under the state's breach notification law.

Liable to attack: Cyber insurance can help organizations cover the cost of breaches

Liable to attack: Cyber insurance can help organizations ...

Everyone is familiar with health, flood, car and life insurance, but what happens when the digital equivalent of a disaster strikes? Some entities may want this peace of mind, but ...