Payments On Fire

The payment industry’s responses to ongoing payment security are many. We have procedural approaches and technical ones. For example, we are requiring merchants to attest to their compliance with PCI security standards that themselves include procedural requirements. Technical solutions are also called out by PCI and are, of course, being applied across the ecosystem. Encryption of payment data in flight is one approach. In the physical POS world, semi-integrated POS terminals connect directly to the acquirer’s front end instead of passing card transaction data back through the merchant’s workstation and enterprise system. An important technique, and the topic of this discussion, is tokenization. Tokenization is an ancient security technique. In the broadest sense, a token is just a dummy representation of something of higher value. In cards, that means the replacement of a PAN with a number or even an alphanumeric value that represents the underlying PAN. The mapping between the two is stored in a vault with