Credit Card Processing Blog
Understanding Tokenization And Its Role In Security

Mar 03, 2016 8:00 AM / by Reliance Star

One of the most daunting tasks faced by security applications is protecting sensitive data stored in applications that are generally complex and often distributed. In recent years, tokenization has gained popularity.

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization attempts to minimize the amount of data that a business needs to have on hand. This is a good way for small to medium businesses to strengthen credit card and e-commerce transaction security while keeping the cost to a minimum and meeting all industry standards and government regulations.

Payment card industry standards don’t permit credit card numbers to be stored in any POS terminal or in any database after a transaction is complete. To be PCI compliant, merchants are required to have expensive end-to-end encryption systems installed. Otherwise, the merchant’s only option is to outsource payment processing to a service provider that offers a tokenization option. In these situations, the service provider is responsible for handling the issuance of the token values and for ensuring that the cardholder data is secured and locked away.

When a service provider is used, the provider issues the merchant a driver for their POS system, which converts the credit card numbers into tokens that are randomly generated values. The token isn’t a primary account number (PAN), which means that it can only be used within the framework of the unique transaction with the merchant. For example, in a typical credit card transaction, the token will contain the last four digits of the credit card number. The rest of the token is made up of alphanumeric characters that are the cardholder’s information along with other data that is related to the specific transaction that is occurring.
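The token format described above can be sketched as follows. This is an added example, not code from the original post or from any service provider; the `TokenVault` class, its method names, and the sample card number are hypothetical, and it assumes the token body is purely random and is mapped back to the PAN only inside the provider's vault.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical service-provider vault: the only place PANs are held."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        while True:
            # The random body carries no information about the PAN.
            body = "".join(secrets.choice(ALPHABET) for _ in range(len(pan) - 4))
            token = body + pan[-4:]  # keep the last four digits for receipts
            # Require a letter so the token can never be mistaken for a PAN,
            # and retry on the (unlikely) collision with an existing token.
            if body.isdigit() or token in self._pan_by_token:
                continue
            self._pan_by_token[token] = pan
            return token

    def detokenize(self, token: str) -> str:
        # Runs only inside the provider; the merchant never calls this.
        return self._pan_by_token[token]


vault = TokenVault()
SAMPLE_PAN = "4111 1111 1111 1111"  # constructed test number, not a real card
# What the merchant's database ends up holding: the token, never the PAN.
merchant_record = {"order": "A-1001", "card": vault.tokenize(SAMPLE_PAN)}
```

Tokenizing the same card twice yields two different tokens, so a token copied from one merchant record reveals nothing beyond the last four digits.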

It is far more difficult for hackers to get access to cardholder data when tokenization is used. It is far more secure than older systems where credit card numbers were actually stored in databases and often sent over networks. Experts believe that tokenization technology is a good choice for all kinds of sensitive data. This can include medical records, vehicle driver information, banking information, criminal record information, stock market information, and much more.

Reasons to consider tokenization include:

  • Reduction of application charges
  • Reduced compliance scope and costs
  • Reduction of data exposure
  • Masking by default
  • When data is stored in the cloud, tokenization is an accepted security method

When tokenization is properly implemented, it is by far one of the most effective security controls available today. Data can be read only by authorized users, and both data in motion and data at rest are protected. The lower overall cost of implementation has led to an increase in interest. Merchants also like the idea of not being responsible for creating systems that keep highly sensitive data secure, leaving that to the experts in the field instead.