Three potential disadvantages:
- Data analysis
Using payment-processor-specific tokenization, for example, locks you into a particular payment processor. Selecting a tokenization service that can support multiple payment processors, or is payment-processor agnostic, avoids lock-in.
When tokenizing other sensitive data, consider how easily the data could be transferred to a different service in the future.
Using the tokenized data requires it to be de-tokenized (which usually includes a decryption process). This introduces a small overhead to the process, which is negligible in most situations. However, in high-speed situations, such as tokenizing password hashes on a high-volume site, a merchant might want to maintain a local in-memory hash of the tokenized data for rapid retrieval.
Good tokens do not allow the initial data to be reconstituted just from the token itself. This means that data analysis cannot occur on tokenized data. When Auric works with merchants to design their tokenization strategy, we ask what type of data analysis they intend to do. Determining the best combination of elements to tokenize is based on a balance between security and data analysis needs. For example, it is rarely necessary to tokenize a city, state/province, or postal code — particularly since these allow you to do geographic data analysis. However, tokenizing names and street addresses is reasonable for privacy concerns.
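The trade-off above, shown as an added example (not Auric's code or API): names and street addresses are tokenized, while city, state and postal code stay in the clear. `TokenVault` is a hypothetical in-memory stand-in for the off-site service's encrypted storage, it is assumed to issue a fresh random token on every call, and the customer records are constructed.

```python
import secrets
from collections import Counter


class TokenVault:
    """Hypothetical stand-in for the off-site tokenization service.

    A real service encrypts each value before storing it; this in-memory
    dict only models the token-to-value mapping.
    """

    def __init__(self):
        self._store = {}

    def tokenize(self, value):
        # Random token: nothing about the value can be derived from it.
        token = secrets.token_urlsafe(16)
        self._store[token] = value
        return token

    def detokenize(self, token):
        return self._store[token]


# Tokenized for privacy; geographic fields are left usable for analysis.
SENSITIVE_FIELDS = ("name", "street")


def tokenize_record(vault, record):
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


def orders_by_postal_code(records):
    return Counter(r["postal_code"] for r in records)


def distinct_customers(records):
    return len({r["name"] for r in records})


# Constructed sample data: the first two orders come from the same customer.
ORDERS = [
    {"name": "Ana Ruiz", "street": "12 Elm St", "city": "Keene", "state": "NH", "postal_code": "03431"},
    {"name": "Ana Ruiz", "street": "12 Elm St", "city": "Keene", "state": "NH", "postal_code": "03431"},
    {"name": "Bo Lee", "street": "9 Oak Ave", "city": "Concord", "state": "NH", "postal_code": "03301"},
]

vault = TokenVault()
STORED = [tokenize_record(vault, order) for order in ORDERS]
```

Geographic counts are identical before and after tokenization, but the repeat customer can no longer be recognized from the stored records without de-tokenizing.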
“Even when physical security is breached, firewalls are penetrated, tripwires are evaded and software-based security is circumvented, the combination of tokenization and cryptography provides a robust defense that can provide last-ditch salvation.”
“Solid product, small business with people that you can personally trust, not just a call center.”
Thieves can’t steal what you don’t have!
Tokenization is a proven way to secure and protect information, like credit cards, social security numbers, and passwords.
A tokenization service encrypts the data it receives and then stores the encrypted data along with a random set of characters (the token) off site, away from thieves. The service returns the token to you, so the token can be stored in place of the sensitive information in your business environment. The token has no value to any criminal who might access it.
- PCI Compliant data storage.
- Reduce PCI/HIPAA footprint.
- Move vital sensitive personal and financial data out of a business environment.
- Exchange sensitive tokenized data with business partners.
Protect sensitive data the way you want your data protected!
Auric Systems International is a Level 1 PCI DSS Validated Service Provider and a trusted leader in PCI compliant solutions. We have produced payment transaction processing applications since 1994.