On Wednesday at the RSA Conference 2010, a presenter in the session for Tokenization and PCI raised an interesting point about the lack of standardization for the technology hindering its adoption in the market.
Ramon Krikken from the Burton Group said that, among many other things, the different ways vendors define and describe tokenization confuse consumers. Additionally, the lack of interoperability between the tokens from different service providers fans the fear of vendor lock-in. For example, a merchant with multiple processors would likely use several tokenization services, and the tokens cannot be used interchangeably between the processors.
In a sense, it's a chicken-and-egg problem. It is hard for vendors to standardize if the market hasn't matured enough, but consumers are not likely to adopt the technology due to the lack of standardization. One way to break this cycle is for a standards body such as the PCI Security Standards Council to lead the effort in drafting recommendations/guidance for tokenization as deployed for PCI compliance. This could go a long way in allaying confusion and fears in the industry.
What are your thoughts? Do you agree? Please share in the comments section.