Tokenization has become one of a few emerging technologies to assist with credit card security and PCI compliance.
Tokenization is an attempt to mitigate the risks inherent in storing card data. In the same way that end-to-end encryption helps to protect data in transit, tokenization helps to protect data at rest. With data in transit increasingly targeted by nefarious hackers (and making big headlines), it is easy to overlook the fact that data at rest can be equally prone to theft.
As a process, tokenization replaces card data with a unique "token" that acts as a reference pointer to that credit card data. Using this logic, a credit card transaction sends this reference pointer token along the payment chain. At the processing end of the payment chain, the token is verified and the transaction processed, all without having exposed any sensitive cardholder data to the various networks along the payment chain. And because tokens are produced for accounts, rather than for specific transactions, stored tokens can be effectively used for scheduled automatic payments as well.
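The flow described above, as an added sketch that is not code from the article or from any payment processor. The `ProcessorVault` class, the `tok_` token format, the keyed lookup index and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so obviously mistyped numbers never enter the vault."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class ProcessorVault:
    """Hypothetical processor-side vault: the only place the card number exists."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index
        self._token_by_index = {}  # HMAC(card number) -> token
        self._pan_by_token = {}    # token -> card number (encrypted storage in practice)

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isascii() and digits.isdigit() and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        idx = hmac.new(self._index_key, digits.encode(), hashlib.sha256).digest()
        if idx not in self._token_by_index:
            # Random value: the token cannot be reversed into the card number.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_index[idx] = token
            self._pan_by_token[token] = digits
        return self._token_by_index[idx]  # one token per account, reused

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


def run_demo():
    vault = ProcessorVault()
    test_pan = "4111 1111 1111 1111"  # constructed: well-known test number
    merchant_db = {"customer-17": vault.tokenize(test_pan)}  # merchant stores only this
    # Two scheduled payments reuse the stored token; no card data is resent.
    results = [vault.charge(merchant_db["customer-17"], 1999) for _ in range(2)]
    return vault, merchant_db, results
```

A copy of `merchant_db` taken from the merchant's systems contains only the random token, which is meaningless without the processor's vault.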
Because the merchant uses a "token," rather than real credit card data, and relies on the payment processor to assign that token (and to transmit and/or store card data), merchants relying on tokenization decrease their "scope" relative to PCI compliance, transferring the onus of the most critical aspects of PCI compliance to the payment processor.
Tokenization eliminates the need for actual credit card data to be stored or transmitted by the merchant and, in many cases, allows for an easier PCI SAQ process. And with some payment solutions offering both tokenization and end-to-end encryption, the result is an integrated solution that protects data both in transit and at rest.
Sean Kramer is President and CEO of Element Payment Services and is knowledgeable about the most cutting-edge payment security technologies and issues, such as tokenization, end-to-end encryption and PCI DSS.
Article Source: http://EzineArticles.com/?expert=Sean_Kramer