https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guideline_with_WiFi_and_Bluetooth_082211.pdf
PCI DSS Tokenization Guidelines
The guide contains the following key principles related to the use of tokenization and its relationship to PCI DSS:

1. Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which PCI DSS requirements apply.
2. Verifying the effectiveness of a tokenization implementation is necessary and includes confirming that PAN is not retrievable from any system component removed from the scope of PCI DSS.
3. Tokenization systems and processes must be protected with strong security controls and monitoring to ensure the continued effectiveness of those controls.
4. Tokenization solutions can vary greatly across different implementations, including differences in deployment models, tokenization and de-tokenization methods, technologies, and processes. Merchants considering the use of tokenization should perform a thorough evaluation and risk analysis to identify and document the unique characteristics of their particular implementation, including all interactions with payment card data and the particular tokenization systems and processes.
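One way to spot-check the second principle on data exported from a system that was removed from scope, as an added example that is not part of the guideline. The record layout, field names and `tok_` token format are constructed for illustration, and the scan assumes a candidate PAN is any Luhn-valid run of 13 to 19 digits, optionally separated by spaces or hyphens.

```python
import re

# 13-19 digits, each optionally preceded by one space or hyphen,
# and not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four so the finding itself stores no PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pan_candidates(records):
    """Return (record_id, field, masked_value) for every Luhn-valid hit."""
    hits = []
    for rec_id, fields in records.items():
        for name, value in fields.items():
            for m in CANDIDATE.finditer(str(value)):
                digits = re.sub(r"[ -]", "", m.group())
                if luhn_valid(digits):
                    hits.append((rec_id, name, mask(digits)))
    return hits


# Constructed sample export from a hypothetical out-of-scope order system.
SAMPLE = {
    "order-1001": {"card_ref": "tok_9f3b2c71a8e4", "note": "shipped"},
    "order-1002": {"card_ref": "tok_51d0e77c02ab",
                   "note": "customer read card 4111 1111 1111 1111 by phone"},
    "order-1003": {"card_ref": "411111******1111", "note": "refund"},
    "order-1004": {"card_ref": "tok_0a6e94f1b3d2",
                   "note": "tracking 1234567890123456"},
}

if __name__ == "__main__":
    for hit in find_pan_candidates(SAMPLE):
        print(hit)
```

A hit is a candidate for review, not a confirmed PAN: a numeric token or other identifier can pass the Luhn check by chance. An empty result covers only the data that was scanned.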