You are visiting Las Vegas, and you make a beeline for the Blackjack table. You hand the dealer a hundred-dollar bill, he yells out “changing a hundred” and proceeds to hand you a stack of chips equally $100.00. You have just experienced tokenization.
If you were to take that monetary chip and try to spend it like money, you would find it is essentially worthless outside the casino. This example, on an extremely small scale, is how tokenization works with security measures used by banks, credit card companies and any web based payments. Simply put, something of value is represented by a placeholder or proxy in order to safeguard the item of value. It could be money, as in the poker chip example, or sensitive material, like a social security number or credit card information. The latter examples are not as straightforward as the poker chip; the process of credit card tokenization for online transactions is a little more complicated.
Essentially, tokenization is taking non-decryptable data and using it to replace sensitive data. For instance, you’re online and you’re making a purchase using your credit card number. To protect that number from unscrupulous hackers, the company that is taking the credit card number replaces it with a series of random, unique identifiers, known only to them. That way, if someone breaks into their system online, they cannot retrieve any detailed information—all they would have access to would be the tokenized sequence.
The process of tokenization is being used more frequently because it protects both the buyer and the seller. For example, you visit the grocery store and you whip out your debit card to pay for your food and never give it a second thought where those numbers go and who might have access to them. You obviously want your credit card number to be protected, as does your bank and your grocery store, both of whom want your information protected too, so they are not subject to a security breach and possible liability. Token numbers are substituted for your credit card number, protecting all involved. This process can be used for loyalty cards, gift cards, debit cards and card on file data for e-commerce payments. Payment Tokenization is most likely in use when you make a mobile near field communication (NFC) payment, like making a payment on your phone with a nearby payments terminal. The two devices essentially talk to one other when they’re close together, making contactless payments possible.
Now more than ever, safeguarding your information is vital. Is you were one of the 143 million people whose information was compromised in the recent Equifax breach, you know that even a large conglomerate can experience unwelcomed visitors hacking into sensitive data. With more people making online payments and making NFC payments, tokenization has never been more necessary to protect important information. It benefits the merchants, as well, removing the risk associated with storing, processing and transmitting classified client information while still adhering to government regulations, standards and compliance. By using a token system, they are not storing data anymore; they are just storing the replacement numbers. When a customer enters secured data on a website, the information is sent to an off-site tokenization PCI-Level 1 server. A new token number is created to replace the “real” information. The token is then sent to the merchant. It is stored for this merchant in case the customer returns to make an additional purchase. There is no downtime, no delay; it happens instantaneously. If the merchant is hacked, the customer’s data is still protected. Since there is no mathematical correlation between the confidential information and the “token” number, it makes it exceptionally difficult for a hacker to decipher the true numbers. Tokenization is an excellent deterrent for thieves.
Although no security solution is 100%, tokenization is becoming the go to method of security online. Security solutions are constantly changing but so is the technology the hackers use, so you must always be on guard and take any steps you can to safeguard your information. In the meantime, tokenization is a critical aspect of the mobile payments movement, and the safest way currently to protect information. Since more people are making mobile payments, and more places accepting mobile payments, it is crucial that there is a protection process in place. The more people make payments online or at NFC payment points, there are more opportunities for data to be intercepted, stolen or misused. Tokenization shields the data both while being routed and when it is stored at the off-site. It is good for companies who have repeat customers and loyalty programs, since the important information can be easily accessed by the merchant, but not accessible to anyone else.
The payment industry is always looking for new and better ways to secure sensitive data and protect customers, Obviously, the more you use your credit card, the more money they make. Also, the more information merchants can gather about you, the more they can track your spending tendencies and market their products directly to you. The more they invest in protection programs, the more money they are hoping you will spend, especially if you feel your data is not at liberty to be stolen.Tokenization makes it easy and more secure for customers to use their credit cards when paying for purchases online. Using tokens is speedier, cheaper and simpler, and does not lower security. And, as an added bonus, tokenization can be used with any type of payment or technology.
The only drawback of tokenization is that the technology is relatively new, and there is not enough long term research to measure how effective tokenization is, or if there are any backdoors that hackers have not found yet. Some merchants, however, have fully embraced the tokenization system, with such prominent companies as Visa, MasterCard and EuroPay leading the way. Tokenization has the potential to an important technology to prevent fraud and companies will need to update their sites and technology as tokenization continues to evolve.