Tokenization stores sensitive Permanent Account Number (PAN) information, such as credit card numbers, in a secure format to aid PCI DSS compliance.
Setting up PAN Storage
The PAN numbers are stored in a secure vault. The vault can be either a relational database that has a JDBC-compliant driver or an external vault provided by a third party.
When a database is chosen as the vault, the PAN number is stored in an encrypted format inside the vault.
The following properties can be configured for the Database.
The name of the database server where the data needs to be stored.
The JDBC driver class name to connect to the said database. This property gets automatically populated when a specific database is chosen.
The URL of the database server which stores the cardholder data. Most of the URL is populated when the database is selected. Details like host name and port have to be specified in the placeholders.
The name of the user account used to connect to the database.
The password for the user specified under the attribute Username. The password is stored in an encrypted form.
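How a database-backed vault of the kind described above can hold an encrypted PAN and hand back a token, as an added example that is not the product's code or its vault interface. The class name `PanVaultSketch`, the token layout (a `T` prefix, random digits, last four digits kept) and the choice of AES-GCM are assumptions, and an in-memory map stands in for the JDBC table.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical illustration class; the Map stands in for the vault table reached over JDBC.
public class PanVaultSketch {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, byte[]> vault = new HashMap<>(); // token -> IV || ciphertext
    private final SecretKey key; // assumption: a real deployment keeps this in an HSM or KMS
    public PanVaultSketch(SecretKey key) { this.key = key; }

    // Encrypts the PAN, stores it, and returns a random token that keeps only the last four digits.
    public String tokenize(String pan) throws Exception {
        if (!pan.matches("\\d{13,19}")) throw new IllegalArgumentException("not a PAN");
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv); // fresh IV per record; GCM must never reuse an IV under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(pan.getBytes(StandardCharsets.US_ASCII));
        byte[] row = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, row, IV_LEN, ct.length);
        String token;
        do { // random digits reveal nothing about the PAN; the 'T' keeps tokens from parsing as PANs
            StringBuilder sb = new StringBuilder("T");
            for (int i = 0; i < pan.length() - 5; i++) sb.append(rng.nextInt(10));
            token = sb.append(pan, pan.length() - 4, pan.length()).toString();
        } while (vault.putIfAbsent(token, row) != null); // retry on the rare collision
        return token;
    }

    // Recovers the PAN; only code inside the cardholder data environment should reach this.
    public String detokenize(String token) throws Exception {
        byte[] row = vault.get(token);
        if (row == null) throw new IllegalArgumentException("unknown token");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, row, 0, IV_LEN));
        return new String(c.doFinal(row, IV_LEN, row.length - IV_LEN), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        PanVaultSketch v = new PanVaultSketch(kg.generateKey());
        String token = v.tokenize("4111111111111111"); // constructed sample: a common test card number
        System.out.println(token + " -> " + v.detokenize(token));
    }
}
```

Systems outside the vault see only the token, so a leaked token table without the key and the vault rows exposes at most the last four digits.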
To use an external vault, a custom class needs to be implemented for tokenization operations. The class should be an implementation of the interface shown below. For security reasons, the jar must be placed directly on the gateway server that belongs to the CDE (Cardholder Data Environment).
The following policies are part of Tokenization: