Tokenization helps store sensitive Permanent Account Number (PAN) information, such as credit card numbers, in a secure format to aid PCI DSS compliance.
Setting up PAN Storage
PANs are stored in a secure vault. The vault can be a relational database that has a JDBC-compliant driver, or an external vault provided by a third party.
Database Vault
When a database is chosen as the vault, the PAN is stored in an encrypted format inside the vault.
The following properties can be configured for the database.
Database
The name of the database server where the data needs to be stored.
Driver
The JDBC driver class name used to connect to that database. This property is populated automatically when a specific database is chosen.
URL
The URL of the database server which stores the cardholder data. Most of the URL is populated when the database is selected. Details like host name and port have to be specified in the placeholders.
Username
The name of the user account used to connect to the database.
Password
The password for the user specified under the attribute Username. The password is stored in an encrypted form.
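A sketch of what storing a PAN "in an encrypted format inside the vault" can look like, added here as an illustration and not the product's own code. The class VaultSketch, its methods, the in-memory map standing in for the JDBC-backed table, the same-length numeric token and the choice of AES-GCM are all assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not the product's implementation: all names are hypothetical.
public class VaultSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;  // in practice kept in a key manager, separate from the vault database
    private final Map<String, byte[]> table = new HashMap<>();  // stand-in for the table: token -> IV || ciphertext

    VaultSketch(SecretKey key) { this.key = key; }

    // Encrypt the PAN, store only the ciphertext, and return a random token of the same length.
    String tokenize(String pan) throws Exception {
        if (!pan.matches("\\d{13,19}")) throw new IllegalArgumentException("not a PAN");
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);  // fresh nonce for every record; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(pan.getBytes(StandardCharsets.US_ASCII));
        String token;
        do {  // random digits, so the token cannot be derived from the PAN
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < pan.length(); i++) sb.append(RNG.nextInt(10));
            token = sb.toString();
        } while (token.equals(pan) || table.containsKey(token));
        table.put(token, ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
        return token;
    }

    // Reverse lookup; GCM authentication makes decryption fail if the stored record was altered.
    String detokenize(String token) throws Exception {
        byte[] rec = table.get(token);
        if (rec == null) throw new IllegalArgumentException("unknown token");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, rec, 0, 12));
        return new String(c.doFinal(rec, 12, rec.length - 12), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        VaultSketch vault = new VaultSketch(kg.generateKey());
        String token = vault.tokenize("4111111111111111");  // constructed test number
        System.out.println(token + " -> " + vault.detokenize(token));
    }
}
```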
External Vault
To use an external vault, a custom class needs to be implemented for tokenization operations. The class should be an implementation of the interface shown below. For security reasons, the JAR must be placed directly on the gateway server that belongs to the CDE (Cardholder Data Environment).
Policies
The following policies are part of Tokenization: