Organizations that process credit card information are confronted with the issue of PCI DSS "scope," which refers to all components of a computing network that directly or indirectly handle card data.
These network components are a primary focus of PCI DSS regulation, compliance, and assessment. Any information system such as a database, web server, or application server that handles credit card numbers can immediately be pulled into PCI scope and become the focus of an assessment.
One of the primary ways to counter the cost and organizational burden of PCI DSS compliance is to reduce overall scope within the enterprise, and the only way to reduce scope is to eliminate accessibility to sensitive card data.
This White Paper discusses how Intel® Expressway Service Gateway generates tokens that replace card numbers with surrogates, removing systems from scope. As always, please consult your organization's Qualified Security Assessor (QSA)—or other compliance professional—on your PCI DSS initiatives.
Related Items
pdf
3 Core Tokenization Models - Choosing the Right PCI DSS Strategy
