I know, tokenization sounds like a boring “techy” term.
Well, the fact is, payment processing is a complex process and a LOT of things happen in the 2 – 5 seconds it takes you to accept a credit card payment at your business.
Virtual networks with cardholder data are constantly buzzing with sensitive information that needs to be properly encrypted and protected so that it doesn’t fall into the wrong hands.
In 2012 there were nearly 700 security breaches, which resulted in almost 30 million stolen consumer records.
Tokenization plays a role in eliminating this problem.
What is tokenization?
It’s a fancy way of disguising sensitive cardholder data.
It’s the process where a unique identifier – the “token” – is assigned to payment information such as a credit card number so that in the event of a security breach, the data is completely useless to the unauthorized party.
The token has no inherent value because it’s simply a substitute for another value or number.
It’s kind of like putting a costume on so no one recognizes you!
This way, if a network is compromised or breached, the data that is retrieved is simply a “token” and it means nothing unless the person who stole it has the key to match it with the cardholder information from the point of sale device, which they will never be able to get.
That’s the beauty of tokenization. Let’s look at how it works.
How does it work?
Conceptually, it works similarly to encryption, where sensitive data is hidden or changed and an algorithm or mathematical process is used to retrieve it.
Tokenization is achieved by way of random number generators.
Example:
Credit Card Number: 4111 2222 4265 1111
Tokenized Card Number: 1234 5614 5258 6485
So the substituted value in this case is the tokenized card number and it replaces the actual card number on the secure database.
If one wanted to retrieve the original data, the tokenized card number is simply submitted to the database, matched with the original card number, and the original number is returned.
There is no mathematical relationship between the card number and the tokenized number so it makes it extremely difficult for an intruder to ever figure out the card numbers that they are in search of.
Precautions, not guarantees
Security solutions are ever changing.
It’s important to note and remember that no solution is 100% fail-safe, and any system built by people can be hacked by others… at least that’s what history tells us.
The process of encryption and tokenization can help soften the blow in the event of a security breach, but you should always operate with the assumption that a breach could happen and simply take every step you can to minimize the risk for your business and your valued customers.
Are you secure?
If you’re using a content management system, internet gateway, or point of sale devices, and you have not reviewed these devices recently, it might be time to look at your systems.
Encryption and tokenization can be a costly measure to implement on your own, so it’s much easier to let a trusted payment partner take care of everything for you.