Recommendations for a New Era of Compliance
Take a more proactive approach to managing the complexity of compliance.
Right now there is a lot of discussion over the merits of using tokenization to manage credit card data. The idea is that rather than storing credit card data, merchants would only store tokens representing that data, which would actually be processed by a third-party service that is highly secure. This approach essentially offloads any responsibility for the security of the credit card data from the merchant.
The challenge is finding an easy way to deploy tokenization, especially when you consider that most small merchants don't have a lot of IT expertise. To address this issue, Intel has rolled out the Intel Expressway Tokenization Broker, an appliance that is based on the Intel SOA gateway technology.
The basic idea, says Blake Dournaee, Intel Expressway Service Gateway product manager, is to come up with a turnkey approach that can be easily integrated with managed PCI DSS services via SOAP interfaces. That turnkey appliance approach should eliminate most of the headaches associated with deploying tokenization while creating a path from which companies can outsource the management of PCI DSS compliance.
There's no doubt that one of the biggest challenges with PCI DSS is its complexity, which is why most IT organizations are going to be off letting specialists deal with it. After all, PCI DSS is something you need to comply with in terms of meeting a base level of security, but it's not something that adds a whole lot of real value to the business beyond avoiding fines and penalties and keeping auditors at bay.