Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

by Tim Kinsella

August is that time of year when it seems like everyone is on vacation. Next week I’m actually headed to a dude ranch with my wife and our three boys. Yee-Ha! It should be a blast.

So given that we’re in peak vacation season, coupled with buzz around the recent finding that 38 percent of all credit card hacking cases involve the hotel industry, we’re seeing more stories in the consumer media with tips to ensure your credit card data is safe when you travel. One recent article advised consumers to “ask the hotel if they have tokenization.”

So here’s a quick pop quiz:

1. True or false? Tokenization encrypts your credit card number.
2. True or false? Encryption is used to create tokens.

False and False. This is what drives me nuts! Tokenization and encryption are two different things. There are a lot of inaccuracies out there and it’s important to understand the difference, as well as the strengths and limitations of both.

Tokenization is the replacement of a data element (such as a credit card number) with another data element which serves as a reference to the original. This replacement data element is also known as a token. This token/reference number is stored in a hotel’s computer system instead of the real credit card number so that if someone tries to steal the credit card number, all they end up with is a non-actionable token that has no value. The value of a token is that it cannot be decrypted, derived, cracked or reverse engineered to discover the original value.

Encryption, on the other hand, is the process of transforming a data element using an algorithm to make it unreadable to anyone except those who possess the decryption key.

While both have their place, tokenization is more effective at securing data, because the security of encrypted data depends on the strength of the encryption as well as on how well the decryption key is managed. The best security strategy is a layered one, and so we recommend that merchants employ both tokenization (to secure data at rest) and encryption (to secure data in-flight).
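To make the difference concrete, here is a small added example (not Merchant Link's code or any product's implementation) that stores one test card number both ways and then shows what a thief holding the stored record and the decryption key can recover. The `TokenVault` class, the `breach` helper and the HMAC-based keystream are assumptions made for illustration; the keystream stands in for a vetted cipher such as AES-GCM and is not something to deploy.

```python
import hashlib
import hmac
import secrets
TEST_PAN = "4111111111111111"  # constructed sample value, a widely used test number

class TokenVault:
    """Hypothetical token service: the only place the token-to-PAN mapping exists."""
    def __init__(self):
        self._by_token, self._by_pan = {}, {}
    def tokenize(self, pan):
        if pan in self._by_pan:  # same card always maps to the same token
            return self._by_pan[pan]
        while True:
            # Random digits: no key and no function of the PAN is involved.
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if token != pan and token not in self._by_token:
                break
        self._by_token[token], self._by_pan[pan] = pan, token
        return token

    def detokenize(self, token):
        return self._by_token.get(token)  # None when this vault never issued it

def _keystream(key, nonce, length):
    # Illustration-only stand-in for a vetted cipher such as AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, pan):
    nonce, data = secrets.token_bytes(12), pan.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key, blob):
    nonce, body = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

def breach(record, stolen_key):
    """What someone holding the merchant's stored record plus the key can recover."""
    # The thief has the record and the key but not the vault, so the token resolves nowhere.
    return {"from_ciphertext": decrypt(stolen_key, record["ciphertext"]),
            "from_token": TokenVault().detokenize(record["token"])}

if __name__ == "__main__":
    vault, key = TokenVault(), secrets.token_bytes(32)
    record = {"token": vault.tokenize(TEST_PAN), "ciphertext": encrypt(key, TEST_PAN)}
    print(breach(record, key))
```

The ciphertext gives up the card number as soon as the key leaks, while the token resolves to nothing outside the vault that issued it.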

Still confused? Ask us a question or share your thoughts below.

Comments

There are 3 comments for this post.

  1. Tweets that mention Merchant Links SecurityCents :: Uncategorized :: Before You Head Out On Vacation, Know the Difference between Tokenization and Encryption -- Topsy.com on August 5, 2010 2:12 pm

    [...] This post was mentioned on Twitter by Shany Seawright, Merchant Link. Merchant Link said: True or false POP quiz: #tokenization vs. #encryption [NEW BLOG POST] http://bit.ly/bJucSu [...]

  2. Merchant Link SecurityCents :: Encryption Tokenization :: Hotel Data Breaches: A Victim’s Perspective on December 8, 2010 2:30 pm

    [...] is the year that the hospitality industry will fight back and install cutting-edge encryption and tokenization solutions to ensure that people like Nick Percoco will no longer be [...]

  3. Voltage Security and Merchant Link Announce Point-to-Point Encryption, Decryption and Tokenization Services for Payment Protection at El noticiero – U.S. News on January 11, 2011 1:57 pm

    [...] compliance.  Further information is available at http://www.merchantlink.com, and on Merchant Link's SecurityCents blog, and NRF Big Show [...]
