How does tokenisation work?
Tokenisation is a practical and effective security measure that secures sensitive data from potential risks and fraud. Tokenisation enables merchants to make financial transactions without the need to store credit and debit card information on their payments systems, helping them to reduce their expenses and their PCI scope.
Credit and debit cards usually contain valuable information such as account numbers, expiry dates, card numbers, and sort codes. All of this important information needs protecting, which is where tokenisation comes in.
For example, when a customer’s debit card is read by the merchant’s payment system the debit card number is automatically changed into a randomly generated code, or token ID, that is made up of numbers, letters, and symbols.
For example, the debit card number 1234-8765-9101-2345 would be turned into a9h7lfj65fgtQi on the merchant’s payment system.
Only the token ID enters the merchant’s system and the original card number is not recorded. The merchant is still able to keep customer records with the token ID being recorded as a9h7lfj65fgtQi = John Smith. The token ID is sent to the processor of the payment who deciphers the token ID and authorizes the transaction.
a9h7lfj65fgtQi is turned back into 1234-8765-9101-2345 by the payment processor.
The token ID can only be deciphered by the payment processor and is completely worthless information to anybody else. There is no way for anyone who managed to get hold of the token ID to link it back and find out the original card number. Additionally, this randomly chosen token ID can only be used with a single merchant and can’t be used to process payment for any other retailer.
Tokenisation is designed to keep sensitive information and data secure and only readable by the payment processor. This results in a greatly reduced risk of potential credit and debit card fraud.
This means merchants payment systems using tokenisation are much secure and more PCI compliant, as financial data stored on the payment system is greatly reduced. Tokenisation can be used to help merchants and businesses abide by security regulations and data protection laws that require protection of sensitive data.
January 24, 2019