Contents

Popular
 Contents

Tokenization helps in storing sensitive Permanent Account Number information like Credit Card numbers in secure format to aid PCI DSS compliance.

Setting up PAN Storage

The PAN numbers are stored in a secure vault. The vault could be a relational database which has a JDBC compliant driver or an external vault provided by a third party.

Database Vault

When database is chosen as the vault, the PAN number is stored in an encrypted format inside the vault. 

The following properties can be configured for the Database.

Database

The name of the database server where the data needs to be stored. 

Driver

The JDBC driver class name to connect to the said database. This property gets automatically populated when specific database is chosen.

URL

The URL of the database server which stores the card holder data. Most part of the URL is populated when the database is selected. Details like host name and port have to be specified in the place holders. 

Username

The name of the user to connect to the database.

Password

The password for the user specified under the attribute password. The password will be stored in encrypted form.

External Vault

To use an external vault, a custom class needs to be implemented for tokenization operations. The class should be an implementation of the interface shown below. For security reasons, the jar needs to be placed in the gateway server belonging to the CDE (Card holder Data Environment) directly.

Vault Interface

PCI DSS compliance Guidelines

Icon
  • The gateway server belonging to the environment in which the projects containing Tokenization Policies are deployed comes under the CDE.
  • The encryption key configuration is not available in the management dashboard to avoid API Management Server from becoming part of CDE.  
  • The Token Generation and PAN retrieval polices must be part of different API Projects, which in turn should be part of different API Products with separate keys.

Policies

The following policies are part of Tokenization:

Adaptavist ThemeBuilder EngineAtlassian Confluence