FIS Modern Banking Platform
Advance your bank with a modern core platform.
WORLDPAY EDITORIAL TEAM
July 31, 2019
There are few things more important than protecting your business assets. That’s especially true today given the ongoing threat of data breaches. Tokenization is a vital tool for protecting data, especially payments data which is a prime target for fraudsters.
Technologies that help protect companies like yours from the negative impacts of data breaches are needed now more than ever. Ponemon Institute’s 2019 “” report pegged the average cost of a data breach at $3.92 million, while the cost for US companies is the highest in the world at $8.19 million.
Tokenization may sound complicated, but in fact it’s easy to understand and even easier to implement. Payment tokenization helps maintain the security of businesses and the customers they serve; that helps protect everyone involved in making, accepting and processing payments.
Tokenization is a process of replacing sensitive data with a unique identifier called a token. Payment tokenization replaces primary account number (PAN) and other “real” data with a substitute value that performs all the essential functions. That replacement value (the token) is worthless in any other context, essentially removing payment data from visibility.
Payment tokenization replaces sensitive data—like the customer’s primary account number, or PAN—with a unique token generated by complex algorithms that cannot be duplicated or decoded. The token can then be used in subsequent transactions for functions like adding a tip or for recurring billing.
Payment tokenization adds an important layer of security that offers protection to sensitive data. Tokenization reduces the points where the sensitive plain text values are stored in your environment. Beyond just a stronger lockbox, payment tokenization renders data used to process payments useless to fraudsters if stolen.
Tokenization is making payments more secure for merchants and their customers and is used in a wide variety of ways.
Tokenization takes place behind the scenes and doesn’t require new point of sale procedures. But when it comes to the money that fuels your business, it’s worth taking a quick look at what’s actually happening behind the scenes. There are several different types of ways tokenization workflows happen in the real world, but for simplicity we can identify a few key steps:
Tokenization is often confused with another data security technology called encryption. Both tokenization and encryption are vital components of overall security strategies to help maintain payment safety. However, there are key differences in how they function.
Encryption protects data in motion while tokenization protects data at rest. Encryption is significantly more secure than transmitting raw data, though encryption can be reverse-engineered.
Tokenization combined with encryption is designed to create a comprehensive solution for protecting merchant and consumer data. Point-to-point encryption protects card data in motion, like between your point of sale and your payment processor. Point-to-point encryption addresses the risk of unauthorized interception of cardholder data. Unlike encryption, tokenization is not mathematically reversible.
Tokenization makes achieving and maintaining compliance with industry regulations easier. Tokenization addresses the PCI-DSS requirement set #3: protecting cardholder data at rest. Tokenization satisfies this requirement by preventing cardholder data from ever entering your systems.
PCI-DSS seeks to reduce retention of sensitive data and safely govern its storage and deletion. Beyond staying in compliance with payment card industry regulations, the good news is that PCI-DSS represent best practices on how to protect your data and your business from evolving and sophisticated threats.
Worldpay is a global payments leader with pioneering expertise in using end-to-end encryption and tokenization to help protect payments everywhere they take place. to learn more about how encryption and tokenization can help protect your business.
Let's work together to reach your goals. Contact us at the links below and a representative will be in touch.
We are here to help you and your business. Contact us using the button below.Learn more