Bolster Security while minimizing Compliance Complexity with Tokenization. Tokenization is a best practice technology that replaces sensitive financial account information in an ACH transaction or credit and debit card information in a card-based transaction with a random character string, or token. The technology is used to prevent the theft of credit card or bank account data while in transmission or storage.
Those of us in the business community have all by now heard stories of companies that have been the victims of cyber criminals. Today, businesses of all kinds and sizes face a similar challenge.
On the one hand, accepting card payments from consumers is both convenient and profitable. On the other, handling that payment account data can be risky and expensive.
So what are we to do?
Let’s consider a scenario. Your business is starting to take off. And that growth has helped along in no small part by your ability to offer your customers convenient payment options, like credit cards. Encryption is commonly employed to protect card data whether addressed or in transmission. This is without a doubt advisable. However, in almost all the horror stories involving data breaches that you’ve heard about, the stolen data was encrypted before it was compromised and decrypted.
Consequently, companies are forced to devote a lot of resources and money to ensure that encryption is centrally managed and card data is safeguarded. The problem with this approach is that, well, it requires a lot of resources and money. Most businesses don’t have the luxury of allocating resources to anything that doesn’t contribute to the bottom line.
Now let’s see how tokenization can help.
Returning to our example scenario, the call center agent accepts a customer’s credit card information over the phone. The credit card data – rather than being saved to a local data store – is transmitted directly – via secure web service – to the PaymentVision vault, where a token – which is like a substitute for the original card number – is generated and sent back to the merchant. With this approach, the consumer’s card number never enters the business environment. The business may securely schedule a processed payment against the token, without the liability of storing credit card information.
With your business environment, free of any actual payment account data, the cyber thieves will not find you a very attractive target.
In and of themselves, the tokens are quite meaningless. Only if a token is sent from the merchant to the PaymentVision vault, and paired with the original card number, can a payment be effective.
So what have we learned?
Tokenization is a much more secure and economical way for businesses to continue to accept card payments without assuming the risk and cost of storing the actual card data in their systems.
Also, you’ll be pleased to learn that by not storing card data in your business environment, your PCI-DSS requirements would be significantly reduced – just another reason to send it to the vault.
It’s easy to get started. Just visit www.paymentvision.com.