Keeping sensitive payment data secure and private by encrypting with tokenization
All merchants have both an obligation and an industry mandate to protect consumers’ payment card data. Two specific vulnerability points need to be addressed where sensitive data is at risk of being intercepted or stolen:
- Pre-authorisation (when the merchant captures a consumer’s data and it is being sent or waiting to be sent to the acquirer/ processor); and
- Post-authorisation (when the data has been sent back to the merchant with the authorisation response and placed in storage in the merchant environment).
Tokenization turns sensitive data into an unrecognizable string of characters that are rendered unusable without the tokenization system in place and, if stolen, provides no value to cybercriminals.