Data breaches are occurring more frequently than ever. Data thieves don't discriminate: both merchants and processors, regardless of size, are victims. Most victims are PCI compliant, proving that such compliance doesn't provide guarantees. New technologies are emerging that, when combined with other PCI approaches and standards, significantly bolster data security while lowering costs.
PCI
PCI has been promoted by the card brands and industry as the leading defense against card data breaches. Compliance, however, is costly, time-consuming, and unfortunately does not limit the merchant's liability. Given the number of data breaches in PCI compliant businesses, firms are looking to augment their protection.
End-to-End Encryption (E2EE)
E2EE is a methodology that addresses security when the card data is in transit or at rest. PCI compliant companies employ some level of E2EE, as they are required to encrypt the data during transmission and "protect" it when it is stored. Most often this protection is in the form of encryption. In this scenario, the data has to be decrypted for processing and encrypted again before being stored or transmitted. E2EE provides point-to-point security but has some vulnerability at the point where the data is decrypted.
Tokenization
Tokenization is a methodology that addresses security when the card data is in transit, at rest, and in use. Tokenization replaces card account information with "tokens" generated by a third-party service provider. In this manner, the merchant is not required to store any card data. The additional security afforded by tokenization usually means it is a more secure solution for merchants.
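The effect of tokenization on what a merchant stores can be checked with a card-number discovery scan. The following is an added example, not code from this page or from any tokenization provider: TokenProvider, its token format (random letters plus the last four digits) and the sample records are assumptions made for illustration.

```python
import re
import secrets
import string

PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card-number digit runs

def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenProvider:
    """Stand-in for the third-party tokenization service (hypothetical API)."""
    def __init__(self):
        self._vault = {}  # token -> card number, held only by the provider

    def tokenize(self, pan: str) -> str:
        if not (PAN_RE.fullmatch(pan) and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random letters only: the token has no mathematical link to the card number.
        body = "".join(secrets.choice(string.ascii_uppercase) for _ in range(20))
        token = f"tok_{body}_{pan[-4:]}"  # assumed format; keeps last four for receipts
        self._vault[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]

def find_pans(records):
    """Return digit runs in merchant records that pass the Luhn check."""
    return [m for r in records for m in PAN_RE.findall(r) if luhn_ok(m)]

# Constructed sample data: 4111111111111111 is a widely used test card number.
provider = TokenProvider()
TOKEN = provider.tokenize("4111111111111111")
MERCHANT_WITH_PAN = ["order=1001 card=4111111111111111 amount=25.00"]
MERCHANT_TOKENIZED = [f"order=1001 card={TOKEN} amount=25.00"]

if __name__ == "__main__":
    print(find_pans(MERCHANT_WITH_PAN))   # the stored card number is found
    print(find_pans(MERCHANT_TOKENIZED))  # no card data left in merchant records
```

The same scan run over logs, backups and database exports is a practical way to confirm that no card numbers remain on the merchant side after a tokenization rollout.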