While both have their places in payment technology, tokenization is fast emerging as a more cost-effective and secure solution to protecting customer card information and reducing the scope of PCI compliance. (For a primer on PCI compliance, check out our PCI Compliance Guide). Some examples of end-to-end encryption are VPNs, Apple’s imessage feature, and other messaging apps like WhatsApp.īoth tokenization and encryption are used to reduce the scope of PCI Compliance by reducing the amount of systems that have access to customers’ credit card information. This helps secure the customer’s bank account details in credit card and eCommerce transactions.Įnd to end encryption (aka “data field encryption”) on the other hand, encrypts cardholder data at the origin, and then decrypts it at the end destination. Tokenization replaces sensitive cardholder detail with a stand-in token. Payment flexibility: refunds, chargebacks, recurring payments etc.įormat fits with legacy credit card fields
Tokenization allows users to store credit card information in mobile wallets, ecommerce solutions and POS software to allow the card to be recharged without exposing the original card information. One of the most widespread uses of tokenization today is in the payments processing industry. For example, one may wish to encrypt files on a hard disk to prevent an intruder from reading them.” Encryption has a wide variety of use cases, from cloaking private messages in P2P apps to transferring sensitive information in a vulnerable environment.īut more recently, payment experts are seeing more and more organizations moving from encryption to tokenization as a more cost-effective (and secure) way to protect and safeguard sensitive information. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data. According to Stanford University’s encryption expert, “Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Historically encryption with reversible cryptographic ‘keys’ was the preferred method of protecting sensitive data. Substitution techniques like tokenization have been in practice for decades as a way to isolate data in ecosystems like databases. Order your reader now Credit Card Tokenization - a History But while chip cards protect against fraud that occurs when someone pays at a physical store, tokenization is primarily designed to fight online or digital breaches. Just like the nationwide shift to chip cards, tokenization’s end game is to prevent the bad guys from duplicating your bank information onto another card.
The actual bank account number is held safe in a secure token vault.
In credit card tokenization, the customer’s primary account number (PAN) is replaced with a series of randomly-generated numbers, which is called the “token.” These tokens can then been passed through the internet or the various wireless networks needed to process the payment without actual bank details being exposed. Often times tokenization is used to prevent credit card fraud. Tokenization is the process of protecting sensitive data by replacing it with an algorithmically generated number called a token.
Basically, tokenization adds an extra level of security to sensitive credit card data. “Tokenization” is a super-buzzy payments word at the moment, especially because of the increased attention on mobile payments apps like Apple Pay.