We notice you are visiting from a U.S. Internet provider. 
15/02/2010 -
Tokenization and end-to-end encryption can both improve payment processing security and reduce an organisation's PCI scope, thereby saving them money on the PCI compliance process. Yet many organisations are failing to properly implement these technologies, and are therefore losing some of their return on investment, one expert wrote.Walter Conway, a PCI compliance expert and Qualified Security Assessor, wrote in an article for StorefrontBacktalk.com that tokenization and end-to-end encryption can reduce PCI scope, but only if certain conditions are met.
"The main question retailers need to ask is whether they will have the ability to de-tokenize or decrypt the data and return it to plain text," Conway wrote. "If you have this ability, through whatever means, that data is in still scope for PCI and you will have lost a lot of the value of your investment," Conway wrote.
He added that the only way to save money on the PCI compliance process through these deployments is to take away the ability to convert the data back to clear text.
In a recently article for IT Business Edge, payment processing expert Larry Wine advised businesses to consider software-as-a-service-based tokenization solutions, which solves the problem of PCI scope reduction.
