Tokenization Emerges as New Cost-Savings Tool; Results Highlight Status
Atlanta — December 1, 2009 —
Companies still face significant hurdles when it comes to protecting customer data with the Payment Card Industry Data Security Standard (PCI DSS), according to a recent survey conducted by Computerworld and sponsored by nuBridges, the secure eBusiness authority. While over half of the companies surveyed have initiatives aimed at achieving PCI DSS compliance, two-thirds have yet to pass a PCI DSS audit and almost three-quarters are not entirely satisfied with how they store customer data. Additionally, 41 percent of IT and business leaders who answered the survey say their organizations saw some type of data breach in the past 12 months.
“Survey responses showed that even companies that pass PCI DSS audits are not always comfortable with how well they can protect consumer information—a concern that is confirmed by high-profile breaches at compliant organizations such as Heartland Payment Systems,” said Gary Palgon, vice president of Product Management for nuBridges. “Many companies have spent considerable time and resources to achieve compliance, yet still face numerous ongoing PCI DSS and security issues.”
Conducted in August 2009, the Computerworld survey sought to assess the level of PCI DSS compliance at organizations processing 20,000 or more payment card transactions annually. As part of the survey, respondents also identified challenges they have encountered in their PCI DSS efforts — with encryption, event logging, data in transit and key management listed most frequently. Among other findings, almost 90 percent of respondents said they are set to review their payment card security practices in the next 12 months; and tokenization has emerged as a means for reducing the scope of PCI DSS compliance at many organizations.
“Tokenization decreases the number of data points that maintain credit card data, and the technology is gaining traction as a means for lowering ongoing compliance costs,” said Palgon. “Substituting a token—or surrogate value—in place of the original data means there are fewer occurrences of credit card data in the enterprise, which reduces the scope of systems subject to the PCI DSS mandate.”
For additional survey findings, read the entire report from Computerworld, entitled “The State of PCI DSS Compliance at Organizations Today.”
Liaison Technologies is a global integration, data management and data security company. It provides unique and high-value services to move, transform and manage business information in the cloud, and to protect data to help organizations master complex security challenges and meet compliance mandates. With a comprehensive array of business-to-business and application-to-application integration and data transformation services, as well as on-premise and cloud-based data security solutions, Liaison's practitioners implement data management infrastructures adapted to each client's specific business requirements. Headquartered in Atlanta, Liaison has offices in the Netherlands, Finland, Sweden and the United Kingdom. For more information, visit www.liaison.com.