To keep the merchant out of scope, the tokenization process must not be "reversed" for any reason, such as processing chargebacks or refunds, updating a credit card expiration date, or for marketing or analysis purposes, loyalty program management, and so on.
|Data Tokenization Flowchart|
1. The tokenization system does not provide PAN [Primary Account Number] in any response to any application, system, network, or user outside of the merchant’s defined CDE [Card Data Environment]. All tokenization components are located on secure internal networks that are isolated from any untrusted and out-of-scope networks.
3. Only trusted communications are permitted in and out of the tokenization system environment.
4. The tokenization solution enforces strong cryptography and security protocols to safeguard cardholder data when stored and during transmission over open, public networks.
5. The tokenization solution implements strong access controls and authentication measures in accordance with PCI DSS Requirements 7 and 8.
6. The tokenization system components are designed to strict configuration standards and are protected from vulnerabilities.
7. The tokenization solution supports a mechanism for secure deletion of cardholder data as required by a data-retention policy.
8. The tokenization solution implements logging, monitoring, and alerting as appropriate to identify any suspicious activity and initiate response procedures.