https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guideline_with_WiFi_and_Bluetooth_082211.pdf
PCI DSS Tokenization Guidelines
The guide contains the following key principles related to the use of tokenization and its relationship to PCI DSS:
1. Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which PCI DSS requirements apply.
2. Verifying the effectiveness of a tokenization implementation is necessary and includes confirming that PAN is not retrievable from any system component removed from the scope of PCI DSS.
3. Tokenization systems and processes must be protected with strong security controls and monitoring to ensure the continued effectiveness of those controls.
4. Tokenization solutions can vary greatly across different implementations, including differences in deployment models, tokenization and de-tokenization methods, technologies, and processes. Merchants considering the use of tokenization should perform a thorough evaluation and risk analysis to identify and document the unique characteristics of their particular implementation, including all interactions with payment card data and the particular tokenization systems and processes.