Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data

by nuBridges, inc
Sept. 1, 2017 0 comments SANS Institute Management ecommerce

The scope of PCI DSS compliance for any organization is significant both in terms of effort and cost. In a PCI DSS audit, all systems, applications and processes that have access to credit card information, whether encrypted or unencrypted, are considered in scope. The October 2008 update of the PCI DSS documentation (version 1.2) states that companies can reduce the PCI DSS audit scope using network segmentation to isolate the cardholder data in a secure segment. From an application perspective, tokenization functions similarly to network segmentation. These are complementary, not “either/or” approaches for organizations to consider as they map out their data protection and compliance strategies