July 15, 2009
-
Electronic Identity Systems, Pt.3
Tokenization. Tokenization is a technology that replaces a credit card number with a token to be used in the electronic payment processing transaction. A token usually uses the last four digits of the card number attached to an additional reference number to generate a unique code. The token protects consumer credit card information by encrypting the card number with the unique code and then storing it in an offsite data vault. The authorization code is returned to the register without the credit card number or personal information. Since the cardholder's information is not being stored, the token is the only element at risk of theft. The reference number/token can't be used to initiate any transaction, which makes it useless to the thief. The process works very well for recurring payments, which generally require the lender to store sensitive consumer financial information.
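The flow described above, as an added example that is not from the original article: an in-memory stand-in for the offsite vault, with the merchant keeping only the token and authorization code. The `TokenVault` class, the `tok_` prefix, the random reference format and the `AUTH-` code are assumptions made for illustration, and at-rest protection of the vault itself is left out.

```python
import secrets

def luhn_ok(digits: str) -> bool:
    """Checksum used by card numbers; rejects mistyped input before it is vaulted."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Illustrative stand-in for the offsite vault: the only place card numbers live."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        if digits in self._token_by_pan:          # repeat customer: same token
            return self._token_by_pan[digits]
        # Random reference number plus the last four digits. The reference is not
        # derived from the card number, so the token cannot be reversed.
        token = f"tok_{secrets.token_hex(8)}_{digits[-4:]}"
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def authorize(self, token: str, amount_cents: int) -> str:
        """Resolve the token inside the vault and return only an authorization code."""
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        # A real vault would send the card number to the processor here.
        return f"AUTH-{secrets.token_hex(4).upper()}"

def checkout(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """Merchant side: the record kept at the register holds no card number."""
    token = vault.tokenize(pan)
    return {"token": token, "auth": vault.authorize(token, amount_cents),
            "amount_cents": amount_cents}

if __name__ == "__main__":
    vault = TokenVault()
    record = checkout(vault, "4111 1111 1111 1111", 2500)  # constructed test number
    print(record)                                           # token and auth code only
    print(vault.authorize(record["token"], 2500))           # recurring charge by token
```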
Tokenization has made it more difficult and challenging for hackers to get their hands on sensitive credit card information. Tokenization is also less costly than other systems, such as biometric systems. It improves on encryption technology by storing only the token. Unlike cryptography, tokenization does not have the issue of key storage. The challenge for developers of cryptographic programs is how to safely secure the information that opens and closes the key within the point-of-sale application; compromised keys mean unsecured data. With tokenization there are no keys to store, thereby eliminating the threat of attack. In addition to credit card information, tokenization technology can be used with all types of sensitive data.
Tokenization is easy to implement and requires very little cost on the part of the credit card processing company. Not only is tokenization a safer, more secure payment process, the payment industry also likes it because it meets the requirement of the Payment Card Industry (PCI) Data Security Standard (DSS), which requires that consumer card information not be stored on the merchant's POS or mainframe systems. Presently, tokenization is a viable solution for all interested parties involved in the transfer of sensitive information.
