Tokenization vs. Encryption: Options for ComplianceBy Adrian Lane
The paper discusses the use of tokenization for payment data, personal information, and health records. It covers two important areas of tokenization: First, the paper is one of the few critical examinations of tokenization’s suitability for compliance. There are many possible applications of tokenization, some of which make compliance easier, and others which are simply not practical. Second, the paper dispels the myth that tokenization replaces encryption – in fact tokenization and encryption compliment each other. This version has been updated to include PCI guidance on tokenization.
Download: Tokenization vs. Encryption: Options for Compliance, version 2 (PDF)
(Version 2.0; October 2012).