Prioritize token usage
Summary
All systems related to credit cards must use tokens instead of storing card information.
Description
When processing transactions, systems can use tokens instead of the actual credit card information. This allows secure communication between systems without exposing sensitive details during transactions.
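The flow described above, as an added example that is not part of the original requirement or of any product it refers to: a vault swaps the card number for a random token, and a Luhn-based scan verifies that a downstream system's records hold only tokens. `TokenVault`, `find_stored_pans` and the record fields are hypothetical names, and the sample records are constructed.

```python
import re
import secrets

PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: the only component that ever holds the PAN."""
    def __init__(self):
        self._pan_by_token = {}  # assumption: a real vault encrypts and access-controls this

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"[ -]", "", pan)
        if not (re.fullmatch(r"[0-9]{13,19}", digits) and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._pan_by_token[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]  # raises KeyError for unknown tokens

def find_stored_pans(records):
    """Return (record index, field) for every field holding a Luhn-valid card number."""
    hits = []
    for i, rec in enumerate(records):
        for field, value in rec.items():
            if any(luhn_ok(re.sub(r"[ -]", "", m.group()))
                   for m in PAN_CANDIDATE.finditer(str(value))):
                hits.append((i, field))
    return hits

# Constructed sample data; 4111 1111 1111 1111 is a commonly used test card number.
vault = TokenVault()
token = vault.tokenize("4111 1111 1111 1111")
orders_tokenized = [{"order": "A-1001", "card_ref": token, "last4": "1111"}]
orders_raw = [{"order": "A-1002", "note": "card 4111-1111-1111-1111 on file"}]

if __name__ == "__main__":
    print(find_stored_pans(orders_tokenized))
    print(find_stored_pans(orders_raw))
```

The same scan can run over database exports or log samples to confirm that only the vault ever holds card numbers.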
References
- MITRE-M1036. Account use policies
- PADSS-2_3. Render PAN unreadable anywhere it is stored
- PADSS-3_1_4. Application employs methods to authenticate all users
- HITRUST-06_d. Data protection and privacy of covered information
- IEC62443-CR-1_1-RE_1. Unique identification and authentication
- WASSEC-3_1. Session management capabilities
- OSSTMM3-11_15_3. Data networks security (privileges audit) - Escalation
- OWASPSCP-4. Session management
- SWIFTCSC-5_2. Token management
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan