Prioritize token usage
Summary
All systems related to credit cards must use tokens instead of storing card information.
Description
When processing transactions, systems can use tokens instead of the actual credit card information. This allows secure communication between systems without exposing sensitive details during transactions.
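A minimal sketch of the pattern and of a check for it, added here as an illustration and not taken from Fluid Attacks' tooling: a vault swaps the card number for a random token, and a scan flags any record that still holds a Luhn-valid card number. The `TokenVault` class, the `find_stored_pans` function and the sample records are hypothetical.

```python
import re
import secrets
import string

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: the only component allowed to hold the PAN."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        # Random letters only: not derived from the PAN, never PAN-shaped.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token):
        return self._pan_by_token[token]

def find_stored_pans(records):
    """Return (record index, field) for each field holding a Luhn-valid PAN."""
    hits = []
    for i, rec in enumerate(records):
        for field, value in rec.items():
            found = PAN_RE.finditer(str(value))
            if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in found):
                hits.append((i, field))
    return hits

# Constructed sample data; 4111111111111111 is a widely used test card number.
vault = TokenVault()
orders = [
    {"order": "A-1", "card": vault.tokenize("4111111111111111")},  # compliant
    {"order": "A-2", "card": "4111 1111 1111 1111"},  # violation: raw PAN stored
    {"order": "A-3", "note": "ref 1234567890123456"},  # 16 digits, fails Luhn
]
print(find_stored_pans(orders))
```

Only the second record is reported: the first holds a token, and the third holds a 16-digit reference that does not pass the Luhn check.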
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- MITRE ATT&CK®-M1036. Account use policies
- PA-DSS-2_3. Render PAN unreadable anywhere it is stored
- PA-DSS-3_1_4. Application employs methods to authenticate all users
- HITRUST CSF-06_d. Data protection and privacy of covered information
- ISA/IEC 62443-CR-1_1-RE_1. Unique identification and authentication
- WASSEC-3_1. Session management capabilities
- OSSTMM3-11_15_3. Data networks security (privileges audit) - Escalation
- OWASP SCP-4. Session management
- SWIFT CSCF-5_2. Token management