WESTWOOD, N.J., Aug. 13, 2015 /PRNewswire-USNewswire/ -- The Secure Remote Payment Council (SRPc) has just released its third position paper which tackles some of the issues related to tokenization, and challenges conventional thinking about the safety and security of token vaults. By examining the role of the token service provider as currently defined, the SRPc Authentication Work Group brings to light many of the problems, inconsistencies and underlying biases with the EMVCo tokenization specifications.
In this latest document, the SRPc Authentication Work Group raises the concern that the proprietary standard for tokenization encourages a closed environment. The conclusions made by the SRPc Work Group underscore the importance of all stakeholders having an equal voice in the development of industry standards for tokenization – a theme reiterated from the Work Group's first white paper on authentication. The Work Group recommends a federated approach for developing tokenization standards, modeled like the ANSI and ISO standards organizations. They added that stakeholders should be able to implement any tokenization scheme that meets industry best practices, is auditable as compliant and deemed safe.
In the Call to Action, the SRPc Work Group strongly recommends the use of a hardware encryption standards and algorithms, such as AES and Triple DES, coupled with a distributed token vault solution, to ensure a robust, defensible security architecture for tokenization.
The SRPc Authentication Work Group's mission is to collect, evaluate and comment upon common ideas, statements and positions promulgated in the payments industry related to transaction security. The Authentication Work Group is a team comprised of payment experts representing a broad cross-section of industry stakeholders.
For more about the SRPc and to see the position paper visit:
Contact: Paul Tomasofsky
(201) 775- 4960
SOURCE Secure Remote Payment Council