Is Tokenization the Cure for Meeting PCI DSS and Minimizing Data Breaches?

One approach gaining traction in PCI DSS is tokenization: after a card's first use in an authorized transaction, the primary account number (PAN) is replaced with a surrogate value, the token. The real card data is kept in a centralized, tightly controlled system called a "vault", and the token stands in for it everywhere else. This removes card data from the applications and systems that don't need it and shrinks the Cardholder Data Environment (CDE) that is in scope for PCI, which in turn makes compliance easier to manage and meet.

Why?  Because if a system, application or host never stores, processes or transmits card data, because it handles a token instead, it may fall out of scope for PCI. That can significantly reduce the number of "things" that are part of the PCI environment. Two caveats: the vault itself, and anything able to call it to detokenize, stays fully in scope; and the token must not be reversible to the PAN outside the vault, so it should be a random or keyed value rather than a plain hash of the card number, which an attacker can brute-force because the space of valid card numbers is small. Another advantage of tokenization is that if an attacker compromises a system and obtains the token, it isn't card data, which reduces the impact of a breach.