Tokenization can make card info less inviting to crooks

Register now

It is hard not to become desensitized to the almost daily news of data breaches. Identity theft is appealing to fraudsters, but the endgame is nearly always financial gain, so lifting payments data is a far more direct path to a payoff.

If we take it as a truism that hackers will find a way behind firewalls, onto servers and into databases, we need to make the potential prize less appealing.

There has been a lot of talk about EMV Secure Remote Commerce, card/credential-on-file network tokenization and more as “new” ways to protect data. But not all of these concepts are new.

While network tokenization is now being used in different ways, it is not a new technology. It has been hugely successful in protecting in-store mobile payments and it is now being touted as another layer of security for e- and m-commerce fraud.
What many people don’t realize is that card-on-file network tokenization does not only apply to newly enrolled cards. Existing card-on-file databases can be fully migrated to network tokenization and processed to ensure that the benefits extend to merchants’ full operations.

Network tokenization means merchants only store payment tokens in their database rather than actual card numbers. This delivers various security benefits to the digital commerce ecosystem by reducing the risk and mitigating the impact of malware, phishing attacks and data breaches. Essentially, merchants can make their entire card-on-file database unappealing to fraudsters overnight. Of course, hackers may still try to get in, but by tokenizing cardholder and card data, the information taken is largely useless. So, hackers will simply need to go elsewhere for their ill-gotten gains.

It is worth clarifying that network tokenization is different to PCI tokenization, which most merchants will already be familiar with. Where PCI tokenization only tokenizes card data in the database, network tokens travel through the whole transaction, meaning that the exposure of the original PAN is reduced to a minimum, making fraud much less likely.

Online retailers must accept hacking, malware and phishing as a reality of doing business in our digital world.

They should not lose heart, though. Tokenization fits seamlessly into their current infrastructure and payment processing flows without impacting the buying experience, it just makes the data they store infinitely less interesting to hackers. And that’s all of the payment data, not just newly enrolled cards. One important thing to note, tokenization is looking to become a requirement for e- and m-commerce merchants so getting ahead of the curve now will pay dividends in the future.

Overall, this is a technology that lets merchants focus more resource on what they do best, serving customers.

For reprint and licensing requests for this article, click here.
Data breaches Tokenization Mobile payments ISO and agent