Compliance with Visa Best Practices for Tokenization
As shown below, the Worldpay tokenization solution complies with 11 of the 12 items listed in the Visa Best Practices for Tokenization document. The twelfth item concerns the management of stored historical data (that may contain card information) within your systems. Tokenizing all historical card info when implementing the Worldpay solution would satisfy this item, as would protecting it per PCI DSS requirements.
TABLE 1-13 Visa Best Practices for Tokenization Compliance
|
Item # |
Who |
Domain |
Best Practice |
Complies? |
|---|---|---|---|---|
|
1 |
Worldpay |
Tokenization System |
Network Segmentation |
Yes |
|
2 |
Worldpay |
Tokenization System |
Authentication |
Yes |
|
3 |
Worldpay |
Tokenization System |
Monitoring |
Yes |
|
4 |
Worldpay |
Tokenization System |
Token Distinguishability |
Yes |
|
5 |
Worldpay |
Token Generation |
Token Generation |
Yes |
|
6 |
Worldpay |
Token Generation |
Single- vs. Multi- use Tokens |
Yes |
|
7 |
Worldpay |
Token Mapping |
PAN Processing |
Yes |
|
8 |
Worldpay |
Card Data Vault |
PAN Encrypted in Storage |
Yes |
|
9 |
Worldpay |
Card Data Vault |
Covered by PCI DSS |
Yes |
|
10 |
Worldpay |
Cryptographic Keys |
Key Strength |
Yes |
|
11 |
Worldpay |
Cryptographic Keys |
Covered by PCI DSS |
Yes |
|
12 |
Merchant |
Historical Data Management |
Non-tokenized data protected |
Merchant Implementation Decision |