You might have heard the term tossed around: payment tokenization. Maybe you immediately recalled summer days spent at the arcade, trading in little gold discs for plastic airplanes that destroyed themselves the moment they were ripped from the package. These aren’t those kinds of tokens. But they function similarly – as the substitution of one thing for another thing of value.
What is payment tokenization?
Payment tokenization is the use of benign, non-decryptable data substitutes in place of, or to reference, a sensitive data element.
Tokens are randomly generated replacement values for credit card numbers that function in place of the actual number, so sensitive data is safe and secure. The token isn’t sensitive on its own; it simply functions in the place of the payment data. Visa calls it a “surrogate value,” according to Payments U. Since the token itself is worthless, stealing a bunch of payment tokens is likely just as beneficial as stealing a bunch of arcade tokens would be to you now. You probably don’t really need two hundred thousand bouncy balls.
The payment card industry uses payment tokenization to ensure compliance with industry standards for security when storing sensitive cardholder data. The token is often used during the authorization process of a transaction, where the token and authorization code may be returned for merchant use when validation is requested.
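To make the "surrogate value" idea concrete, here is a small sketch added for illustration; it is not code from Forte or any payment provider. TokenVault, merchant_checkout and the "tok_" prefix are hypothetical names, and the card number is the common 4111... test value. Tokens are drawn at random rather than computed from the card number, so only the vault can map one back.

```python
import secrets


class TokenVault:
    """Constructed in-memory stand-in for a provider's token vault (assumption)."""

    def __init__(self):
        self._pan_by_token = {}  # token -> card number; exists only inside the vault
        self._token_by_pan = {}  # lets a returning card reuse its existing token

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        if digits in self._token_by_pan:
            return self._token_by_pan[digits]
        # The token is random, not an encryption or hash of the card number,
        # so there is no key or formula that turns it back into the number.
        token = "tok_" + secrets.token_hex(16)
        while token in self._pan_by_token:  # regenerate on the (unlikely) collision
            token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        # Only the vault can do this lookup; unknown tokens raise KeyError.
        return self._pan_by_token[token]


def merchant_checkout(vault: TokenVault, pan: str, order_id: str, merchant_db: dict) -> str:
    """Merchant side: hand the card number to the vault, keep only the token."""
    token = vault.tokenize(pan)
    merchant_db[order_id] = token
    return token


if __name__ == "__main__":
    vault, merchant_db = TokenVault(), {}
    merchant_checkout(vault, "4111 1111 1111 1111", "order-1", merchant_db)
    print("merchant database holds:", merchant_db)  # tokens only, no card number
    print("vault resolves token to:", vault.detokenize(merchant_db["order-1"]))
```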
Why is it important?
There are significant benefits to implementing some form of tokenization when dealing with payments. Most importantly, you significantly decrease the risk to both your customer and company. Since stolen tokens yield nothing of value, even a data compromise will not completely disrupt the functioning of your business, your good reputation, or your customer’s peace of mind.
Additionally, a business that accesses and stores payment information has to meet PCI compliance standards for every system that handles the sensitive data. If you implement payment tokenization, there are actually fewer systems that touch the sensitive data – they’re only really working with the tokens. Your PCI compliance burden is drastically reduced, saving you both time and money.
How do I get it for my business?
Most payment solution providers use payment tokenization. It is often included with another service, such as a payment gateway or checkout solution. Forte uses tokenization for all payment information and continually updates its security to match or exceed industry best practices.
Photo credit: Marcin Wichary