Best Practices for Choosing a Tokenization Vendor

According to leading research organizations that study data theft, breaches are occurring more often and businesses are paying more dearly when their security is compromised. Those who experience a breach often face lawsuits, the loss of existing customer confidence, damage to their brand, the loss of future revenue from customers who take their business elsewhere, and fines by the major credit card companies for not complying with the stringent security requirements of the Payment Card Industry Data Security Standard (PCI DSS).


When choosing a tokenization solution for securing credit card data, be sure your service provider can answer best-practices questions like these:

  1. Is the provider certified for PCI-DSS compliance by an independent auditor?
  1. Does the tokenization service monitor and detect malfunctions or anomalies/suspicious activity, then alert system administrators and automatically block token requests?
  1. Are credit card tokens randomly generated, so that they cannot be reverse-engineered by a criminal intent on stealing the card’s original Primary Account Number (PAN)?
  1. Are the credit card numbers stored offsite from the merchant in a PCI-compliant environment – away from your company’s internal servers – and then encrypted properly under PCI requirements?
  1. Does the vendor enable customers to safely accept payments in various electronic formats including credit cards over the Internet, phone, mail order or fax?
  1. Does their solution support secure, real-time or file-based processing of credit card data?
  1. For processing credit card payments, do they safely support wallet functionality to maintain cards-on-file for repeat customers, eliminate data re-entry, and enable easy card record updates and additions in real time?
  1. Do they support major card processing platforms and allow the tokenization service and card-processing tools to be unbundled from the processing network itself?
  1. Does the vendor’s solution offer tokenization both as a standalone service and in combination with throughput payment processing?
  1. Does the vendor’s tokenization-payment processing service also accept Level-3 line-item detail on customer purchase transactions, permitting cost savings for the merchant in the form of lower card interchange fees?
  1. Is the vendor able to process, then tokenize, customer credit card transactions on all major payment processing networks, including:
    • American Express CAPN Direct
    • Elavon
    • First Data Merchant Services – North
    • First Data Merchant Services – South
    • Global Payments – East
    • TSYS Acquiring Solutions
    • Vantiv
    • WorldPay


For more information about CardVault and how 3Delta Systems applies these best practices every day, give us a call at (703) 234-6010 or drop us a line at


Our staff writers represent 3Delta Systems (3DSI). 3DSI offers products that would add real value to procurement and payment processes. Our various products are robust, easy-to-deploy payment solutions for merchants that require fully hosted, Internet-based payment systems and Level 3 line-item transaction detail.