Thursday, February 24, 2011

Reducing the Scope of PCI Audits Using Tokenization

The requirements for PCI audits specify that if credit card information is available in a network, then the security of the entire network is in scope. Auditing an entire network can be an onerous task, so auditors and companies have sought ways to reduce that scope.

One way that works is to use tokenization, which places tokens in the network in place of the card data. Each token references back (for those with the keys) to the actual data. The data can then be kept in a secure location.

This way, the network that holds only the tokens can be excluded from the scope.
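The split described above, as an added example that is not part of the original post: a vault in the secure location holds the card numbers, and a scan of the token-only side finds nothing that looks like a card number. The class and function names, the `tok_` token format, the in-memory storage and the shared detokenization key are assumptions made for illustration; the card number is the standard test value.

```python
import hmac
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Lives in the secure location: the only place card numbers are stored."""

    def __init__(self, detokenize_key: str):
        self._key = detokenize_key.encode()
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan not in self._token_by_pan:
            # Random letters only: no mathematical link to the card number,
            # and a scanner can never mistake the token for one.
            token = "tok_" + "".join(secrets.choice(string.ascii_uppercase) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token: str, key: str) -> str:
        # Only callers holding the key get the real data back.
        if not hmac.compare_digest(key.encode(), self._key):
            raise PermissionError("caller may not detokenize")
        return self._pan_by_token[token]

def find_pans(records):
    """Scope check for a token-side store: (row, field) pairs holding a card number."""
    hits = []
    for row, record in enumerate(records):
        for field, value in record.items():
            text = re.sub(r"[ -]", "", str(value))  # ignore common separators
            if any(luhn_ok(m) for m in re.findall(r"\d{13,19}", text)):
                hits.append((row, field))
    return hits
```

Running `find_pans` over the order database, logs and exports of the token-side network gives a repeatable check that no card number has leaked back into the segment that is meant to be out of scope.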

Tokenization is a useful solution to the issue of PCI audit scope. For a detailed paper on this topic, check out this reference. Registration is required to obtain the white paper.

