Tokenization

Tokenization is a security process that involves replacing sensitive data elements, such as PANs (Primary Account Numbers), PHI (Protected Health Information), PII (Personally Identifiable Information), and others, with surrogate values known as tokens. While tokenization is a form of encryption, the two terms are used differently in practice. Encryption encodes human-readable data into incomprehensible text, which requires the correct decryption key to be decoded. On the other hand, tokenization, also called “masking” or “obfuscation,” preserves the data format while converting sensitive values into non-sensitive tokens of the same length and format as the original data.

• Tokens share attributes similar to the original data, such as character set and length.
• Each data element is mapped to a unique token.
• Tokenization is deterministic, meaning that generating a token for a specific value will always result in the same token.
• A tokenized database can be searched by tokenizing the query terms and searching for the corresponding tokens.

Tokenization serves as a vital data privacy protection strategy for businesses, safeguarding various types of sensitive information, including payment card data, social security numbers, telephone numbers, passport numbers, email addresses, bank account numbers, and more. As data breaches become more prevalent and data security gains importance, organizations find tokenization appealing due to its ease of implementation in existing applications compared to traditional encryption.

A common use case for tokenization is securing payment card data, as dictated by the compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS). Tokenization is particularly beneficial for handling different card types’ routing requirements and enabling “last four” validation of card numbers. While PCI DSS allows merchants to secure payment card data using encryption, tokenization is also acceptable for meeting compliance standards. Given the complexity and high-performance nature of payment data flows, tokenization offers a more straightforward and efficient solution than encryption, making it an attractive option for businesses aiming to enhance data security.