ANSI X9.119-2 has just been released. It’s an essential standard for protecting your credit card information. Here’s the title: Retail Financial Services – Requirements for Protection of Sensitive Payment Card Data – Part 2: Implementing Post-Authorization Tokenization Systems. It includes the minimum security requirements for implementing tokenization with post-authorization systems to protect sensitive payment card data.
The standard was developed by professionals in the industry. Both commercial and government interests were represented. This token scheme represents a way to make it more difficult for hackers to gain access to your private information during retail transactions.
What is tokenization? It’s the use of a non-sensitive data substitute for information that needs to be protected. This particular scheme is very secure, since the token cannot be de-encrypted except by the valid recipient under any circumstances.
The 64-page ANSI X9.119-2 and its companion standard ANSI X9.119-1 replace the older ANSI X9.119. Taken together, the two standards give you the necessary information you need for implementation. The Part 1 from May of last year covers using encryption methods for retail financial services. The new Part 2 is on the implementation of a class of systems called post-authorization tokens.
The standard is arranged in the usual format. Four opening sections cover scope, referenced documents, terms, and symbols (including abbreviated terms). Section 5 reviews the sensitive payment card elements. Sections 6 and 7 are on tokens and tokenization systems respectively. Section 8 reviews the schema for identification and referencing of tokenization methods.
In addition, Annex A (a required part of the standard) is on the abstract schema. Annex B, also normative, is on acceptable tokenization techniques. Annexes C and D are both informative. They cover static table-driven tokenization reference schemes and token user-cases and guidance.
For those of you handling sensitive payment data, these standards will be particularly important. To get your copies, choose an authorized distributor like Document Center Inc. All ANSI X9 standards can be ordered at our website, www.document-center.com. Here are direct links to the order page for ANSI X9.119-2 and to the order page for ANSI-X9.119-1 for your convenience.
Document Center Inc. has been working with standards since 1982. We are a trusted resource for many organizations around the globe. If you have additional questions or are interested in our Standard Online cloud-based access service, get in touch. We can be reached by phone (650-591-7600) or email (info@document-center.com). Find out why so many people make us their Standards Experts!