Securing Stored Credit Card Data
Storing customer credit and debit card numbers “in the clear” opens merchants and enterprises up to huge potential for hacking and fraud. However, to enable recurring and subscription payments, it is extremely valuable to have this data readily available in the processing system.
Data tokenization is an integral component of secure payment processing that replaces credit, debit and ACH information in a transaction with a random character string or “token” acting as a surrogate for the credit card data. Payment tokenization differs from encryption. In encryption, when a payment application or a database needs to store credit card data, the card values are encrypted and cipher text is then saved in the original location. With tokenization, a token – or surrogate value – is stored in place of the original data.
Tokens are versatile. They can be engineered to preserve the length and format of the data that was tokenized and they can also be generated to preserve specific parts of the original data values. Thus, they can adapt to the formats of conventional databases and applications, eliminating the need to change the database scheme or business processes. Tokenization is also an ideal security solution to help lower your Payment Card Industry (PCI) scope.