We see signs every day that inform us about safety measures an organization is taking. We have all seen these examples:
- “Premises protected by video surveillance.”
- “This vehicle stops at all railroad crossings.”
- “Driver carries less than $100 in cash.”
- “Caution: Wet floor”
These types of signs are common in business. They show customers, partners, and employees what’s being done to protect the business and help reduce the organization’s risk and liability.
When it comes to payment transactions, there isn’t always a prominent sign displaying the type of security provided. As customers become more concerned about how their cardholder information is handled, your employees will likely be the voices promoting the way payments are protected in your organization. Merchants provide payment security using a combination of solutions to ensure customers have a safe transaction environment. Tokenization is just one of these tools. To help you and your employees understand what tokenization is and its benefit to your organization, here is a primer.
What is tokenization?
Primary Account Numbers (PANs), such as payment card numbers, represent considerable risk to brand and business continuity, not to mention the considerable costs incurred when PAN data becomes exposed. By far, the best solution is to entirely eliminate PANs from the merchant environment. When PAN data is first transmitted, it should be in an encrypted form, rendering it useless to anyone other than the key holder.* If the merchant wishes to offer customers the convenience of storing payment information for subsequent transactions (installment, recurring, future purchases, etc.), one of the best techniques for this is referred to as “tokenization.”
To quote the PCI Security Standards Council (SSC), “Tokenization is a process by which primary account numbers (PANs) are replaced with surrogate values called ‘tokens.’” Put another way, tokenization solutions, such as the TC Citadel, allow payment applications to defer the risks and costs of PAN retention to organizations specializing in the secure and compliant storage of such data.
Can the token be altered?
After implementing a proper tokenization solution, PANs are replaced with secure, randomly generated tokens. These tokens make the exposure of PAN data impossible, cannot be used to arbitrarily charge cardholders, and cannot be used to glean other sensitive information, such as personally identifiable information (PII). Within the TC Citadel, tokens are referred to as Billing IDs and are formatted as alphanumeric strings of six or more digits.
TC Citadel, an advanced tokenization solution, implements strong encryption, advanced key management, advanced token generation, and all applicable industry requirements, guidelines, and best practices.
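The PAN-for-token substitution described above, as a minimal sketch added here for illustration; it is not TC Citadel code or its API. The `TokenVault` class, the 8-character token length, the in-memory store and the `merchant_record` helper are assumptions, and any card number passed in should be a published test value.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
TOKEN_LENGTH = 8  # assumption: the page only says "six or more"


def luhn_valid(pan: str) -> bool:
    """Reject input that cannot be a card number before it reaches the vault."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault run by the tokenization provider.

    The dict stands in for encrypted, access-controlled PAN storage.
    """

    def __init__(self) -> None:
        self.pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        while True:
            # CSPRNG output: the token has no mathematical link to the PAN.
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
            if token not in self.pan_by_token:  # retry on collision
                self.pan_by_token[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back; unknown tokens raise KeyError."""
        return self.pan_by_token[token]


def merchant_record(vault: TokenVault, customer: str, pan: str) -> dict:
    """What the merchant keeps for recurring billing: a token, never the PAN."""
    return {"customer": customer, "billing_token": vault.tokenize(pan)}
```

Because each token comes from a random generator rather than from the PAN itself, tokenizing the same card twice yields two unrelated tokens, and a stolen merchant record contains nothing that can be computed back into a card number.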
Get the word out
If your employees are on the front lines, interacting with customers, arm them with a solid understanding of the payment security your organization utilizes. Give customers the confidence of knowing their payment information is protected.
*For further information on encryption, click here.