The concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data. When using tokens for data security, non-sensitive data elements that have no exploitable value act as a substitute for sensitive data elements. The tokens act as an identifier/reference that maps back to the sensitive data that is being protected through the tokenization system. Here we look at banking grade tokenization in relation to PCI DSS.

The protection and secure management of cryptographic keys is crucial for ensuring that cryptography is used in the most effective way to keep data secure. Picking the wrong key management system (KMS) can thwart all the efforts that have been made in using cryptography to protect information.

Credit cardholders are generally protected from liability if unauthorized transactions are made with their credit cards because of consumer protection laws and card policies. This leaves merchants and financial institutions on the hook for losses related to credit card fraud. According to an October 2016 Nilson Report, card issuers were burdened with 72 percent of fraudulent losses in 2015 while merchants were left with 28 percent of the losses.

This article summarizes the basic cryptographic security services that can be used to protect information (or as a supporting protective mechanism) against attacks, as described in the NIST Special Publication 800-57 (1, rev.4) for Key Management.

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.

The World Wide Web Consortium or W3C as it is commonly known was founded in 1994 by the original architect of the World Wide Web, Tim Berners-Lee. It is a consortium of international companies that are involved with the Web and the Internet.

Under the eIDAs Regulation, specifications for formatting advanced electronic signatures for PDF documents are set under PAdES. PAdES is the electronic signature design for PDF Advanced Electronic Signatures.

The ZertES legislation (Swiss digital signature law) was placed into effect in Switzerland on December 19, 2003. The purpose of this legislation was to regulate the manner for which trust service providers could use certification services with electronic signatures.

One of the greatest benefits of the digital age is the availability of being able to perform many different government processes online in a shorter amount of time versus having to depend upon the postal service or taking time out of a busy day to go stand in a line at a government office.