PCI Council's New EMV Payment Rules Are Worth Reading Closely

The PCI Council in late December rolled out its security rules for token service providers for EMV payment tokens, which overwhelmingly deals with mobile transactions. Today, the card brands handle the vast majority of tokens issued, but the council expects that to sharply change now that EMVCo has released the specification. Given the importance of tokens to payment facilitators, it's worth a read.

One of the fun things that this document does, in pure PCI Council fashion, is deliver more acronyms. Yes, these are brand acronyms. (No, no need to thank them.) One is TDE, for Token Data Environment. An important term--not an acronym yet, sadly--is Payment Token Data, which has a very specific definition: "Covers a number of discrete data elements, including the Payment Token and related data as defined in the EMV Payment Tokenisation Specification Technical Framework, which include the Payment Token Expiry Date, Payment Token Requestor ID, Payment Token Assurance Level and Payment Token Assurance Data."