Tokenization in the data security world is the process of moving sensitive data from a company network to a separate location or server, and replacing that data on the company server with a unique token that references it.
If hackers attempt to access sensitive information like credit card numbers from a server, they'll instead encounter the token, which prevents them from finding the original data without a specific encryption key or knowledge of the tokenization system.
For example, say a merchant acquires a credit card number by swiping a customer's card with a card reader. If the merchant has implemented tokenization, this card number information is immediately replaced in the merchant's database by a token number while the actual card number is sent and stored (in encrypted form) at a different location, along with the reference from the token.
Because the actual card number is never stored in the merchant's front-end system, hackers have a much more difficult time stealing it. Customers can therefore be assured that it is safe to let that merchant use their card information because the actual credit card numbers are not stored in an easily accessible location.
All organizations that capture credit card data are required by the PCI DSS government regulations to secure and protect this data. This presented a challenge to the payment industry until Shift4 Corporation presented tokenization solutions at an industry Security Summit in 1995. Tokenization then became a popular solution for meeting the PCI DSS compliance regulations.
Other industries are beginning to adopt tokenization to protect confidential information such as banking transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.
Finding the most efficient way to implement tokenization is challenging, but the growing threat of cyber attacks and the expense of a data breach have motivated IT shops to research options in earnest.
A variety of third-party software solutions, such as Linoma Software's Crypto Complete, deliver tokenization tools as well as additional options for managing encryption keys, audit logs, and message alerts; storing tokenized data; automatically assigning token identifiers; and providing a central management platform for the entire tokenization process.
When a greedy hacker, anticipating a cache of customer credit card data, finds a series of tokens instead, companies win another battle in the war against cyber thieves.