305 – Prioritize token usage

Summary

All systems related to credit cards must use tokens instead of storing card information.

Description

When processing transactions, systems can use tokens instead of the actual credit card information. This allows secure communication between systems without exposing sensitive details during transactions.

Supported In

Advanced: True

References

• MITRE-M1036. Account use policies
• PADSS-2_3. Render PAN unreadable anywhere it is stored
• PADSS-3_1_4. Application employs methods to authenticate all users
• HITRUST-06_d. Data protection and privacy of covered information
• IEC62443-CR-1_1-RE_1. Unique identification and authentication
• WASSEC-3_1. Session management capabilities
• OSSTMM3-11_15_3. Data networks security (privileges audit) - Escalation
• OWASPSCP-4. Session management
• SWIFTCSC-5_2. Token management

Last updated

2024/01/18