First Data And RSA "Legitimize" Tokenization-Then What?

The conventional wisdom is that when large vendors enter a niche market, those vendors "legitimize" that market. But the announcement that First Data and RSA Security are getting into the credit card tokenization business raises many issues beyond them simply "making" the tokenization market. Here is my first take on the implications of this announcement:

Posted from StorefrontBackTalk

  • Pressure On The PCI SSC To Embrace Tokenization
    The PCI Security Standards Council already commissioned Price-Waterhouse Coopers to do a study of tokenization, end-to-end encryption and other "beyond PCI" issues. The results will likely be discussed at the PCI SSC Community Meetings. That's great. Merchants, service providers and even QSAs want specific guidance about tokenization. This announcement and the weight of the players in the market should virtually guarantee that tokenization will be specifically addressed in the next release of PCI DSS, in addition to QSA training and other guidance from the SSC.

  • Pressure On Payment Processors And Gateways
    I have said before that the number of companies offering tokenization will increase several-fold within a year. We've already seen about a dozen players enter the market in the last six months. I'm expecting 30 to 40 more announced packages over the next six months, as payment processors, gateways, encryption vendors and application vendors all vie to see who can remove credit card data from the merchant environment the fastest.

  • Tokenization Standards And Portability Will Be Hot Topics In 2010
    The more options in the market, the more the demand for "token switching" will increase. Merchants who have entrusted their card data to Service Provider X will increasingly seek shorter duration contracts and have more specific demands about how they migrate their data from one tokenization provider to another.


    Because there are not currently any standards for either the form of a credit card token, how it is generated or how one token type can be converted to another (they can't, BTW), as more merchants realize this, they will raise concerns about being "locked in" to a particular tokenization approach. Smaller vendors will develop "token migration" or conversion tools, etc.

  • Multi-Channel Options And Other Complexity Issues Will Emerge


    Read rest of story at StorefrontBackTalk


  • Recent Entries

    IKEA Execs Discuss Launch Of US Loyalty, Use Of Mobile Medium
    Written by Amanda Ferrante   Tuesday, 15 September 2009 00:00Well known for its innovative approach customer relationship management, home furnishings retailer IKEA has…
    First Data And RSA "Legitimize" Tokenization-Then What?
    The conventional wisdom is that when large vendors enter a niche market, those vendors "legitimize" that market. But the announcement…
    New driver license legislation proposed
    Some believe that new proposed driver license legislation would help states better secure IDs while also protecting citizen privacy. Others…
    Patients are keen on self-service healthcare
    American are taking a shine to self-service healthcare.They may not be snatching the scalpel out of their doctor's hands and…
    Touchscreen Technology Website
    News from 3M on multi-touch and also launch of new "education" site touchtopics.com which is to explain all various touchscreen…
    PCI Best Practice Supplement for Merchants
    August 2009 release of best practice doc, PCI_skimming_prevention_form.pdf, directed at skimming attacks. Illustrates how exposed terminals in POS are targeted by…
    Cloud Computing - Does Amazon fail PCI Compliance?
    There's an ongoing debate about the ability of cloud computing services to meet enterprise regulatory compliance requirements, including the Payment…
    End-to-End Tokenized Encryption
    EPX now extends data protection to what I call the 'first inch" of a transaction, i.e., from the plastic to…
    Guidelines - PCI DSS Wireless Guideline Supplement
    Dcument purpose  - This document provides guidance and installation suggestions for testing and/or deploying 802.11 Wireless Local Area Networks (WLAN)…
    Healthcare - Building Kiosks From Scratch
    In an era of consumerism, physician group practices are looking for ways to improve customer service and gain loyalty. So…
    Trends - Number of retail medical clinics shrinking
    Projections that showed there would be 2,500 retail clinics operating by 2010 are coming up short as the industry has…
    Wireless transactions and PCI DSS 1.2 Compliance
    Article covering wireless transaction and protocols in context of PCI compliance. Amazing that 11% use WPA2. Gist of article is…
    EMV Level 2 - Just what does it mean?
    The purpose and goal of the EMV standard is to specify interoperability between EMV compliant IC cards and EMV compliant…
    CUPPS: The Platform of the Future (Airline Kiosk)
    CUPPS has been architected as the platform of the future, able to accommodate many things even beyond the agent-facing applications…
    EMV takes aim at U.S.
    Nice article on SecureIDnews covering EMV. by Andy Williams, Associate Editor, Avisian PublicationsLike a massive tidal wave, EMV continues to roll…
    Tokenization and Enterprise Security
    Nice article on tokenization which also highlights lack of formal standards for tokenization at this time.¬†Credit Card Tokenization: Put All…
    Wal-Mart's Kiosk Trial Raises Serious PCI, Data Ownership Issues
    Wal-Mart this month became the latest major retailer to experiment with self-service kiosks, selling space in 77 stores for units…
    Proximity (NFC) Mobile Payment Technology - Security Whitepaper
    The opportunities offered by the advent of proximity mobile payments are clear; differentiated payment services, increased transaction volumes, faster transactions,…
    Look Beyond Hospitality Touch Screen Solutions
    Whether you realize it or not, touch technology quickly is becoming the intuitive input delivery method of choice. Look no…
    Level 4: The small-merchant PCI challenge
    While sensational data breaches experienced by big-box retailers and processors fill the headlines, 85 percent of reported data compromises involve…



      |