Industry News

28/04/2010 - Thales, a communications and information provider, and the Ponemon Institution recently surveyed 155 Qualified Security Assessors regarding updates to the Payment Card Industry Data Security Standards and posted their results on Tuesday, which identified three major trends, the Miami Herald reports.

First, with encryption being among the most effective ways to achieve compliance, clarification will be heavy regarding any encryption or key management issues. Second, slightly less than half of respondents believe tokenization will be used to maximize data security while keeping costs low. Lastly, Tier 1 merchants are paying an average of $122,000 more than Tier 2 merchants to conduct and maintain QSA assessments.

Franck Greverie, vice president for security activities at Thales said, "by offering merchants insight into the new requirements likely to be included in the PCI DSS update and the current solutions in the marketplace to address these risks, this survey enables organizations to deploy the necessary technologies before the update is issued to give them a head start to enhance compliance efforts and, most importantly, better protect sensitive cardholder data."

Tokenization, along with end-to-end encryption and virtual networks, was mentioned in a report released last September, and relayed by StorefrontBacktalk.com, as a potent new technology that could ease PCI compliance for payment processing companies.