ANNAPOLIS, Md. – Oct. 3, 2017 — Today the Accredited Standards Committee X9 Inc. (X9) announced the publication of X9.119 Protection of Sensitive Payment Card Data – Part 2: Implementing Post-Authorization Tokenization Systems. This new ANSI standard defines the minimum security requirements for implementing tokenization in systems that operate after a payment has been approved, to protect sensitive payment card data from data breaches.
Tokenization is the use of a data element called a token that has no intrinsic value or meaning, as a substitute for a sensitive data element such as a credit card number or other customer data. If a system using tokens is hacked, the payment card material stolen will be useless to the thieves. Increasingly, payment card transactions use tokens to prevent disclosure of sensitive data during data breaches, as do other, non-payment applications; standards for tokenization are needed to ensure uniform procedures and true security.
X9.119-2 is available from the X9 Standards Store. The new standard was developed by the Cryptographic Protocol and Application Security Working Group of the X9F Data & Information Security Subcommittee.
“X9.119-2 is an important new addition to the existing body of tokenization standards,” said Steve Schmalz of RSA, editor of the standard. Jeff Stapleton of Wells Fargo, Chair of the working group, agreed. “Our efforts included input from across the financial industry and the security community, and the end result is a valuable synthesis of a range of views on tokenization and its implementation. X9.119-2 will be beneficial to the entire financial services industry, from merchants to acquirers to banks and software providers participating in post-authorization activities. Of course, consumers will be the biggest beneficiaries, with their sensitive data secured by proper use of tokens.”
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both domestic and international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 100 domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments; printing and processing of checks; corporate treasury functions; block chain technology; processing of legal orders issued to financial institutions; tracking of financial transactions and instruments; tokenization of data; protection of financial data at rest and in motion; electronic contracts; and remittance data in business payments. X9 also performs the secretariat function and provides the committee chair for ISO TC 68, which produces international standards for the global financial services industry. For more information about X9 and its work, visit www.x9.org.