The principle of tokenization – Many companies have found tokenization to be cheaper, easier to use and more secure than end-to-end encryption. Tokenization completely removes credit card data from a company’s internal networks and replaces it with a unique, generated placeholder, or “token” — much like emptying a warehouse so that a thief has nothing to steal.
Merchants use only the token to retrieve, access, or maintain their customers’ credit card information. Meanwhile, their customers’ real card data is stored at a highly secure, offsite location.
- Tokens have no meaning by themselves and are worthless to criminals if a company’s system is breached in any way. For example, if someone’s actual credit card number was 2123 3456 5678 6789, it might become EGHV234AUD54367 when a token is generated.
- The token is randomly generated and there is no algorithm to regain the original card number — crooks can’t reverse-engineer the actual credit card number, even if they were to grab the tokens off the servers.
Using tokens doesn’t change a merchant’s payment processing experience either. Just like credit cards, tokens can be used for customer sales, refunds, voids and credits — only they’re much safer for a merchant than actual credit cards.
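A minimal sketch of the token flow described above, added here as an illustration and not taken from any payment provider's code. `TokenVault`, `Merchant`, the 15-character token format and the in-memory dictionary standing in for the offsite store are all assumptions.

```python
import secrets
import string

# Assumed token format: 15 uppercase letters/digits, like the sample token above.
ALPHABET = string.ascii_uppercase + string.digits
TOKEN_LEN = 15


class TokenVault:
    """Stand-in for the offsite provider: the only place card numbers live."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 12 <= len(pan) <= 19):
            raise ValueError("not a card number")
        while True:
            # Drawn from the OS CSPRNG, never computed from the card number,
            # so no key or algorithm maps a token back to it.
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
            if token not in self._pan_by_token:
                self._pan_by_token[token] = pan
                return token

    def process(self, token: str, kind: str, cents: int) -> dict:
        # The lookup happens inside the vault; only the last four digits leave it.
        pan = self._pan_by_token[token]
        return {"kind": kind, "cents": cents, "last4": pan[-4:]}


class Merchant:
    """Merchant-side records: tokens only, never card numbers."""

    def __init__(self, vault: TokenVault):
        self._vault = vault
        self.records = []  # what an intruder finds on the merchant's servers

    def sale(self, pan: str, cents: int) -> str:
        token = self._vault.tokenize(pan)  # card number is handed off, not kept
        self.records.append((token, self._vault.process(token, "sale", cents)))
        return token

    def refund(self, token: str, cents: int) -> dict:
        receipt = self._vault.process(token, "refund", cents)
        self.records.append((token, receipt))
        return receipt
```

Two sales with the same card yield two unrelated tokens, and a dump of `Merchant.records` contains tokens and last-four digits but no card number.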
Removing confidential customer credit card data from their internal networks is one of the biggest reasons why more companies are relying on tokenization. All merchants who accept, transmit, process or store credit card data online, in a store, by phone or by mail must certify each year that their IT security and processes comply with 12 rigorous Payment Card Industry Data Security Standard (PCI DSS) requirements.
- Companies that collect and store credit card data themselves often find the PCI process to be a huge headache with potentially significant liabilities and costs rather than a convenience for their customers.
- Because every point at which credit card data is handled must be secured, conforming with these rules as well as building and defending one’s own data fortress can become extraordinarily difficult and prohibitively expensive.
We find that many large enterprises keep multiple copies of the same customer payment data on old legacy systems whose underlying technologies remain solidly rooted in the 1960s. Because these systems are transaction-based rather than customer-based, their interoperability with internal audit and accounting processes is severely limited.
To make matters worse, organizations often don’t know where sensitive data resides on those systems and have no control over it. But even if only a fraction of their revenue is card-based, the company must become PCI-compliant.
Because tokenization renders cardholder data useless to criminals, the liability and costs that merchants often associate with PCI compliance are dramatically reduced.
- The purpose of most encryption tools and techniques is to mask original data, then allow it to be decrypted.
- Encryption uses an algorithm to scramble credit card information that makes the data unreadable to anyone without a proper key. The original card data, however, stays intact and often resides on a company’s internal networks — thus creating vulnerabilities.
Encryption is most often “end-to-end,” which means confidential credit card data is obfuscated at the point of entry (e.g., when someone enters card data into a web browser to buy an item) and decrypted when the purchaser’s authorized credit card information reaches its intended destination (e.g., a merchant’s e-commerce database).
Some proponents maintain that, because encrypted card data is unreadable while it’s “at rest” in a database or “in motion” during a purchase transaction, and inaccessible until a key decrypts it, the chances of a hacker intercepting and stealing the data are minimal. But if card data passes through multiple internal systems en route to an acquiring bank or payment gateway, the encrypt/decrypt/re-encrypt process could open a wide security hole to crooks.