Blog

Credit Card Tokenization: Data Thieves Can’t Steal What Isn’t Theirs

In today’s world, merchants are expected to keep cardholder data secure. Companies like Target and Lowe’s don’t just find themselves with a bunch of bad PR, they also have to deal with costly fines and litigation. Unfortunately, many merchants don’t truly understand how vulnerable electronic payments are, and may think they are secure, when in fact they are not.

The Payment Card Industry Data Security Standard (PCI-DSS) is the set of payment card industry rules for data security. As PCI standards become more and more complicated, merchants are investing in a variety of solutions. However, some of those solutions don’t provide the level of security required to pass an audit.

How Does Credit Card Tokenization Work?

Tokenization substitutes a token for valuable private information, like a bank account number or cardholder’s PAN (credit card number). A token is a long string of random numbers that have no value whatsoever. When a transaction is made, a merchant never sees the customer’s private information — only their token.

What Are the Benefits of Credit Card Tokenization?

While the main benefit of tokenization is its ability to secure data from thieves, tokenization offers benefits in a few ways that, while less obvious, can have a big impact:

PCI Compliance — Merchants don’t have to store this sensitive data themselves, getting rid of some PCI regulations at the same time … which means less questions on the annual PCI survey!

Lower Operating Costs Vs. Encryption — Would you rather have a camera that’s “water resistant” or “waterproof?”

With encryption, the concept is to protect sensitive data wherever it is stored. Encrypted card data can be reverse-engineered to reveal cardholder data (water resistant). At Constellation Payments, we use the best encryption algorithms available, but we don’t stop there.

With tokenization, on the other hand, the data is protected by removing it from the merchant’s systems entirely (waterproof). Merchants don’t need to encrypt the data because they’re not storing it.

Encryption solutions must be deployed in each place that card data is stored. According to a recent report by Gartner, that cost is likely to be around $6.00 per account, per storage location!

Protection from Internal Theft — Tokenization isn’t just effective at stopping inbound criminals like hackers; it will also protect sensitive information from employees, vendors, suppliers and anyone else that is connected to your organization and its data.

Data Devaluation — Why bother breaking into a system at all if the data inside is useless? Tokenization not only reduces a merchant’s risk in the case of a breach; it also reduces the risk of having a breach at all.

I hope this article sheds light on the many benefits tokenization provides. The tokenization technology we use at Constellation Payments employs state-of-the-art encryption, utilizing a multiple-authority architecture, public-key cryptography and a FIPS 140-2 Level 3 certified Hardware Security Module to store Private keys. All of this guarantees the absolute best security and protection for your primary account number (PAN) data.

If you’d like more information on our tokenization service or have any questions, feel free to email me at rellis@csipay.com or call me at 267.287.1035.

Rick Ellis is a Business Development Executive with over 20 years of experience running a successful membership-based company built around a lucrative recurring revenue business model. As an Executive for Constellation Payments, a fully integrated and proprietary payment gateway and merchant service provider, as well as for Member Solutions, a leading provider of full-service billing for enterprise businesses, Rick enjoys working through complex business models, and leveraging proven payment processing strategies for maximum effect.

Grey Divider

Like What You’ve Read?

CSIpay_blog_subscribetoday-(2)Subscribe to the How Payments Are Done blog and get our best advice delivered right to your inbox!

You’ll receive continual guidance on the approaching merchant liability shift — along with insights on contactless payments, data protection, subscription business models, mobile ecommerce and alternative payment methods like Bitcoin.

Visit HowPaymentsAreDone.com and enter your email address into the Subscribe box.

Share this article:

Leave a Reply

Your email address will not be published.