X9.119-2-2017

Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 2: Implementing Post-Authorization Tokenization Systems (ASCX9)


 

 


 

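Standard number
X9.119-2-2017
Publication date
2017-08-03
Implementation date
2017-08-31
Withdrawal date
Chinese Standard Classification number
/
International Classification for Standards number
/
Publisher
ANSI - American National Standards Institute
Referenced standards
64
Scope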
General

This part of American National Standard (ANS) X9.119 defines the minimum-security requirements when employing a post-authorization tokenization system to protect sensitive payment card data. As in ANS X9.119 Part 1, Requirements for Protection of Sensitive Payment Card Data - Part 1 Using Encryption Methods, the term "protection" refers to maintaining the secrecy and integrity of the data protected by tokenization from unauthorized disclosure and modification. This document also provides requirements and guidance about the Tokenization environment, including:

- A review of the evolving uses of tokens and tokenization to protect sensitive payment card data,
- A description of a Tokenization System Model involving the use of a Tokenization Service securely distributing a token to a Tokenization Request Interface on the behalf of a Requesting Entity,
- A description (in Annex B and Annex C) of acceptable token generation methods for use in a Tokenization Service,
- Security requirements about the establishment and maintenance of a Tokenization Service by a Token Services Provider built with the methods described in Annex B,
- Security requirements for a Tokenization Request Interface interacting with a Tokenization Service on behalf of a Requesting Entity, and
- An informative set of use cases in Annex D describing the role of a Requesting Entity in a Tokenization System.

Throughout this document, data encryption, integrity protection, and the support for key management services are required to protect sensitive payment card data during the tokenization and de-tokenization process and for the protection of any such data stored within a tokenization system. Where appropriate, the relevant requirements contained in ANS X9.119 - Part 1 are reiterated for use in this Standard, but unless otherwise specified, all requirements delineated in Part 1 must be adhered to if tokenization is used in conjunction with point-to-point encryption methods.

As is the case in ANS X9.119 - Part 1, the following matters are outside the scope of the Standard:

- Methods for cardholder authentication, such as the use of Personal Identification Number (PIN); and
- Physical or logical security requirements for protecting the sensitive payment card data at the first point of entry.

This Standard focuses on two of the three components in the tokenization model described in section 7.1: the Tokenization Service and the Token Request Interface. For the protection of sensitive payment card data between the Requesting Entity and the Token Request Interface, the reader is referred to ANS X9.119 - Part 1. Finally, this Standard addresses a class of tokens called post-authorization tokens (see section 6.2), and although some requirements may be relevant for systems using preauthorization tokens (again, see section 6.2), implementers may not assume that every requirement is applicable when translating the requirements set forth in this Standard to such systems.

Application

This part of X9.119 is applicable for organizations implementing post-authorization tokenization systems to protect sensitive payment card data. Mandatory standard techniques and procedures are indicated by the word 'SHALL'. Conditional recommendations or guidelines for use are indicated by the word 'SHOULD'.



