FIS Modern Banking Platform
Advance your bank with a modern core platform.
May 06, 2020
In an age when data breaches and fraud pose looming threats, the security of our digital transactions is more important than ever. That’s especially true with the security of payment data.
Payments are fast becoming more digitized as a response to consumer desires for convenience and choice. Tokenization and encryption have emerged as key tools to protect such sensitive information in a cost-effective and secure way.
Consumers and businesses rely on technologies like tokenization and encryption to secure the payments they make every day. Let’s look at these security terms in plain language to understand what they mean and why they matter to businesses.
Tokenization is a simple process of replacing sensitive data with non-sensitive token data.
The real data is stored in purpose-built secure token “vaults.” The tokenization of payments is the effort to replace sensitive data, such as credit card numbers and PINs, with a unique identifier that can only be authenticated, decrypted and translated by the token provider. Tokenization allows businesses and their customers to safely conduct payment transactions while making the essential transaction data of “no cash value” to criminals.
Tokenization is a primary and standard technology to protect cardholder data in a contactless transaction, whether in-store or online, as well as recurring payments for everything from utility bills to every imaginable type of subscription.
End-to-end encryption uses cryptography to essentially “scramble” data at one end in order to secure it for transit and decoding by the recipient. A third-party provides encryption keys to parties on both ends, allowing far more secure communications than sending raw, unencrypted data.
End-to-end encryption has its roots in the early ‘90s when it was popularized in a program called Pretty Good Privacy (PGP) and is still in wide use today including popular commercial communication apps like Apple’s iMessage.
Historically, encryption has been the preferred method of protecting sensitive card and payment data. Vast databases of card numbers stored by merchants and service providers have been locked down with encryption keys.
Encryption and tokenization are important technologies that are complimentary and are often deployed together as part of layered security approaches. Yet there are a few key differences that are important to keep in mind.
The most important difference between encryption and tokenization is functional: Encryption protects data in motion while tokenization protects data at rest. Encryption is significantly more secure than transmitting raw data, though encryption can be reversed-engineered or accessed by stolen corresponding keys.
Encryption relies on cryptographic algorithms and cryptographic keys to encode data during transit, transit that poses risks as data travels over networks between trusted parties.
Tokenization replaces essential data with tokens, storing the sensitive private data in a vault. Token vaults are far more secure than standard operational systems because they are built for the sole purpose of token storage.
Tokenization can reduce the scope of your systems that fall under PCI DSS, the Payment Card Industry Data Security Standard. All businesses that accept credit and debit cards need to follow these baseline standards. Using tokenization and encryption represent best practices that reduce the time, focus and costs associated with compliance auditing.
Shoppers look for equal measure of convenience and security, however they shop. Digital and mobile wallets deliver on both counts.
Tokenization is an important technology in the use of digital wallets. Mobile apps have emerged as a vital sales channel largely because of integrated payments. Pre-loaded payment credentials make checkout easy for consumers, while encryption, tokenization and device authentication provide extra layers of security.
Tokenization and end-to-end encryption are services offered to businesses by their payment provider. Connect with one our payment experts to learn more about how encryption and tokenization can help protect your customers and your business.
Let's work together to reach your goals. Contact us at the links below and a representative will be in touch.
We are here to help you and your business. Contact us using the button below.Learn more