Akamai Technologies Monday announced a service that can take sensitive payment-card information input from e-commerce merchants and others and hide it using a scrambling method known as tokenization in order to reduce liability under the Payment Card Industry data security standards.
"The token is held by the merchant's infrastructure," says Neil Cohen, Akamai's director of product marketing, about the service. The payment-card information itself is sent through the usual card-processing channels for authorization. The Edge Tokenization service is being done through a strategic alliance with CyberSource, a Visa subsidiary. Cohen declined to discuss pricing for the service.
Without tokenization, the payment-card information would be sent to an e-commerce merchant in a human-readable form that would require the merchant to protect it using the various methods proscribed under the PCI Data Security Standards rules, such as encryption.
But if the payment-card number is received by the online merchant in a scrambled form, the merchant in theory would not be facing the issues associated with keeping human-readable card information from being wrongly exposed. "They greatly reduce their liability," Cohen says.
The Edge Tokenization service is now in beta and will be generally available next month. Akamai says it maintains 70,000 servers in 70 countries, and the Akamai network itself is certified for PCI compliance.
Read more about wide area network in Network World's Wide Area Network section.