The Future Of Fraud Protection: Tokenization-As-A-Service
By Ian Hermon, Payments Security Specialist, Thales e-Security
According to Gartner, 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud by 2015. Furthermore, 27 percent of those surveyed indicated they were considering deploying tokenization as a cloud service. Gartner believes regulatory compliance measures, such as those related to the Payment Card Industry Data Security Standard (PCI DSS), are driving increased interest in Tokenization-as-a-Service. This service lets security buyers avoid housing personally identifiable information (PII) or other confidential data. It allows organizations to take tokenized systems out of consideration as “in scope” for PCI compliance, removing the burden of regulating that environment. It also lessens or nullifies the effects of malicious hacks or data leakage, making it an attractive security solution for merchants, card issuers and regulators alike.
For the purposes of payments security, tokenization replaces the primary account number (PAN) with non-sensitive data of the same size and format, typically known as a token or alternative PAN. Depending on the use case, the merchant either requests a token for the PAN from a tokenization provider (which may be a card scheme, bank acquirer or another trusted third party) or receives a token rather than a PAN in the original payment transaction. The consequence is that the merchant never has to store real PAN data and, importantly, does not need to change the way payments are accepted or authorized.