Tokenization


Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.



Tokenization is commonly sought after by banks and PCI-DSS compliant credit card processing companies that handle primary account numbers (PANs), replacing card numbers with a surrogate value called a 'token'.




The entire chain of credit card transaction handling is reasonably secure, except for one concerning aspect -- the retailer might be keeping a copy of your credit card information for various purposes.

Maybe you'll want a refund or adjustment in the future. Maybe you're a hotel chain and want to have a stored number around for additional charges after you've departed. Maybe you want to use the credit card number for data analytics, customer loyalty, etc.

There are lots of good reasons for a retailer or other outfit to hang on to your credit card info after the transaction is ostensibly "done".

However, with hundreds of thousands of retailers, hotels, taxi companies, florists, etc. out there, they can't all be 100% bulletproof in securing your credit card information if they decide to keep a copy "on file".



The Solution
Tokenization Manager accepts a credit card transaction in the normal way, but provides a synthesised token back to the merchant along with the authorisation.

The token directly refers to the credit card account *and* the merchant - so it can be used for many of the same purposes a real card number can be used for - adjustments, prepays, refunds, data analytics, etc.

However, the token itself can't be used to charge stuff. It's perfectly harmless to store, hand out, etc.

As a result, any merchant that wants to "hang on" to your credit card information isn't really storing a live credit card number - just a reference to a real one.

Tokenisation should be applied to ALL sensitive data whatever your industry. For example, health care records, financial account numbers - anywhere you'd prefer not to have sensitive information being stored by anyone and everyone. Customers would no doubt also prefer their home telephone number and email address be tokenized as well.
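The mapping described above (a token tied to both the card account and the merchant, useless without the vault) can be sketched as follows. This is an added example, not Tokenization Manager code or its API: the `TokenVault` class, its method names, the `tok_` prefix and the merchant IDs are assumptions, the PAN is a test number, and the PAN is held in memory in clear where a real vault would encrypt it at rest.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical, for illustration)."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index
        self._by_token = {}  # token -> (merchant_id, pan); encrypted at rest in a real vault
        self._by_index = {}  # HMAC(merchant_id|pan) -> token, so repeat requests reuse a token
        self.audit = []      # (event, merchant_id, token); the PAN is never logged

    def _index(self, merchant_id, pan):
        # Keyed hash lets the vault find an existing mapping without a clear-text PAN index.
        msg = f"{merchant_id}|{pan}".encode()
        return hmac.new(self._index_key, msg, hashlib.sha256).hexdigest()

    def tokenize(self, merchant_id, pan):
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        idx = self._index(merchant_id, pan)
        token = self._by_index.get(idx)
        if token is None:
            # Random surrogate: not derived from the PAN, so it has no value outside the vault.
            token = "tok_" + secrets.token_hex(16)
            self._by_token[token] = (merchant_id, pan)
            self._by_index[idx] = token
        self.audit.append(("tokenize", merchant_id, token))
        return token

    def detokenize(self, merchant_id, token, privileged=False):
        owner, pan = self._by_token.get(token, (None, None))
        # A token resolves only for the merchant it was issued to, and only for privileged callers.
        allowed = privileged and owner == merchant_id
        self.audit.append(("detokenize" if allowed else "detokenize_denied", merchant_id, token))
        if not allowed:
            raise PermissionError("token not valid for this caller")
        return pan


if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111111111111111"  # constructed test value, not a live card
    token = vault.tokenize("merchant-a", test_pan)
    print(token, vault.detokenize("merchant-a", token, privileged=True))
```

Because the same PAN yields a different token for each merchant, a token copied from one merchant's database resolves to nothing when presented by another.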



Features & Benefits 


> Tokenization protects sensitive data by replacing it with a unique token that is stored, processed or transmitted throughout the organisation instead of the clear data.

> Meet PCI DSS and HIPAA compliance requirements

> Reduces PCI-DSS Audit scope, leading to reduced operational cost

> Tokenization simplifies compliance by reducing the number of system components a merchant needs to validate against the applicable PCI DSS requirements.

> Sensitive data is received at its initial entry point and encrypted. From applications through to databases, the token is stored, processed or transmitted throughout the organisation, while the sensitive data is encrypted and stored in a secure token vault.


> Token mapping - the process of assigning a token to the original PAN value.
When a PAN is submitted for tokenization, the generated token and the original PAN are typically stored in the card-data vault.


> Token vault - sensitive data is stored in a vault in an encrypted format.

> Audit & Logging: Complies with PCI Tokenization Manager event monitoring.

> Privileged user access control.



> Provide Tokenization As a Service

Ideal for Tokenization Service Providers (TSP) (such as payment processors) that wish to have the ability to offer tokenization services to their customers, helping their customers reduce regulatory scope.



  • Providing customers with full encryption and tokenization services, taking all or most of the customers’ systems out of scope.
  • Once cardholder data is received, it is transmitted to the Tokenization Manager that is deployed at the service provider. The data can pass through the customer’s entry point, leaving that entity in regulatory scope, or through the Tokenization Manager Web API, using End-to-End tokenization, taking the entry point out of regulatory scope.


Platforms
> Microsoft SQL Server or Oracle databases

> Supported APIs: Java or Webservice


 



 





Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk