By Sue Zloth
Last fall the PCI Council announced guidance on point-to-point encryption (P2PE) to help merchants protect their customers’ payment card information. Since then, merchants have had P2PE implementation on their minds.
Recently I’ve been a part of a working group that is evaluating technologies and determining the best ones to secure payment transactions and help reduce scope for PCI. One thing that’s becoming clear is that tokenization cannot be left out of the mix.
As a part of the PCI Special Interest Group (SIG) on tokenization, I’ve been evaluating this technology and offering recommendations for guidance. Although the guidance won’t be out until late spring, I wanted to share some educational information about tokenization that could benefit our readers.
Each week, I’ll post an article about what tokenization is, the types of tokenization, its benefits for merchants and some simple considerations before implementing a tokenization solution.
So what is tokenization?
In its simplest form, tokenization is data substitution.
What does that mean? Well, let’s say that you have the following credit card number:
4467 9388 2077 1234
(Don’t worry, I made this number up).
Hypothetically, if this card number were stolen, it would have a significant value to the thief. The bad guy could sell your number to other bad guys or could simply use your credit card to buy things on your dime.
However, if that same credit card number were tokenized, the real digits would be replaced by substitute digits that have no value of their own:
1234 5678 9012 1234
This way, if the tokenized number is stolen, it can’t be used to make purchases and would be of no use to the bad guys.
It is impossible for a thief to crack the code and derive the real credit card number from the token. The real credit card information is sent to a centralized and highly secure server to be stored.
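To make the substitution concrete, here is a small sketch added as an illustration; it is not Merchant Link's code or any PCI reference implementation. The `TokenVault` class, its in-memory dictionaries, the one-token-per-card policy and the choice to keep the last four digits (mirroring the sample above, where both numbers end in 1234) are all assumptions.

```python
import secrets


class TokenVault:
    """Hypothetical in-memory stand-in for the centralized, secured token server."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        if digits in self._pan_to_token:      # one token per card (assumed policy)
            return self._pan_to_token[digits]
        while True:
            # Random digits: no key and no formula links the token to the card number.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]        # keep the last four, as in the sample above
            # Reject collisions, including the unlikely draw of a stored card number.
            if (token != digits and token not in self._token_to_pan
                    and token not in self._pan_to_token):
                break
        self._token_to_pan[token] = digits
        self._pan_to_token[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        # Only a caller with access to the vault can recover the card number.
        return self._token_to_pan[token.replace(" ", "")]


def group4(digits: str) -> str:
    """Format a digit string in blocks of four for display."""
    return " ".join(digits[i:i + 4] for i in range(0, len(digits), 4))


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4467 9388 2077 1234"               # the made-up number from this post
    token = vault.tokenize(pan)
    print("merchant stores:", group4(token))
    print("vault returns:  ", group4(vault.detokenize(token)))
```

The merchant's systems hold only the value returned by `tokenize`; the mapping back to the card number exists only inside the vault.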
Next up in this series: Token Types