Everyone who has read my blogs over the past few years or spoken to me about PCI DSS knows my feelings on end-to-end encryption and data replacement technologies.  I have a huge proponent and feel that these technologies will help secure our industry and provide significant benefits in reduction of PCI DSS requirements.  There are a number of companies entering the market with these solutions and we have another.  First Data recently announced their “First Data Secure Transaction Management” solution which combines end-t0-end encryption and tokenization.  You can read their whitepaper here. While a number of companies have been offering this for quite a while (ProPay, Shift4, MerchantLink, TrustCommerce, etc.) the fact that First Data has invested in the technology demonstrates the traction that these solutions have received.  Historically it has been the gateways developing these solutions and now one of the (if not the) largest processors in the world has adopted the technology.  It should be noted that this follows Heartland Payment Systems’ announcement of their end-to-end encryption technology.  With Heartland and First Data developing these advanced solutions I would venture to say that we have reached the proverbial ‘tipping point’ and these technologies are here to stay.

I know I am bound to receive some comments related to this subject.  Before anyone attempts to eviscerate my position let me say that 1) these solutions are not a fit for every merchant 2) yes they do have limitations and 3) they do not ‘guarantee’ security.  That being said, they are much better solutions in many instances that traditional PCI DSS compliance.