The organization that issues standards for the payment industry is encouraging the adoption of tokenization products, which swap out sensitive credit card information for randomly generated numbers in order to prevent fraud.
The Payment Card Industry Security Standards Council released a set of guidelines for tokenization this week, a sign of the idea’s increasing traction as online payment fraud persists.
{mosads}The standards are aimed at manufacturers of tokenization products and companies that want to use them, and were developed in partnership with industry players, the group said.
“Minimizing the storage of card data is a critical next step in improving the security of payments, and tokenization does just that,” said the council’s general manager, Stephen Orfei, according to news website Security Week.
“Helping merchants take advantage of tokenization, point-to-point encryption (P2PE) and EMV chip technologies as part of a layered security approach in current and emerging payment channels has been a big focus,” Orfei said.
Tokenization has become associated with products like Apple Pay, which use it to protect transactions.
The idea is simple: Even if a hacker gains access to a list of retail transactions, he or she could not use the information to make more purchases because the card numbers would be replaced by one-time-use codes.
Apple Pay has gained traction since its launch in October despite suggestions that it has a higher rate of fraud compared to regular card payments. Apple says this fraud is due to negligence on the part of banks, not problems with its product.
The White House recently announced that Apple Pay would be available as an alternative to federal payment cards in systems like GSA SmartPay and would be available for transactions with national parks.
The council’s standards outline best practices for generating, use, storing and classifying tokens, according to Security Week.