Protect Stored Cardholder Data With Tokenization
Businesses like health clubs and utilities that process recurring payments from customers each month face a challenge when it comes to protecting their customers' sensitive payment information.
Obviously, it's more convenient for customers to provide the business with their payment information (credit and debit card numbers, expiration dates, etc.) once, instead of every month. But businesses are understandably cautious about storing this information in their own systems due to the risks of cyber-theft and costly data breaches.
The Solution: Tokenization
The solution to this problem is a data security technology known as tokenization. This technology replaces sensitive payment information with a unique "token" made up of upper- and lower-case alphabetic, numeric and special characters that have no relationship to the information itself. The merchant stores only the token. The actual payment information is stored by the merchant gateway provider in a secure, PCI (Payment Card Industry) compliant database located in the cloud.
Tokens are undecipherable: a token only points to the associated payment data and cannot be used to decrypt it. So tokens have no value to hackers if they are stolen.
In the case of a recurring monthly transaction, the merchant passes a unique token that represents one card's payment information to the credit card processor, which generates a transaction based on the cardholder data associated with the token. In addition to recurring transactions, tokens can also be used for product returns and refunds. Tokens can be generated via virtual terminals or a card swipe at the merchant's point of sale (POS) terminal.
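The flow described above, sketched as an added example (not code from PNC or any gateway provider). The class names, the 24-character token length, the special-character set and the card number (a widely published test number) are assumptions made for illustration.

```python
import secrets
import string

# Assumed alphabet: upper/lower-case letters, digits and a few special characters.
TOKEN_ALPHABET = string.ascii_letters + string.digits + "!#$%*+-="

def luhn_ok(pan):
    """Basic card-number sanity check (Luhn checksum) before vaulting."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class GatewayVault:
    """Hypothetical stand-in for the gateway provider's secure database."""
    def __init__(self):
        self._cards = {}  # token -> card data; never leaves the gateway

    def tokenize(self, pan, expiry):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # The token comes from a CSPRNG, not from the card number, so it
        # has no mathematical relationship to the data it points to.
        token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(24))
        while token in self._cards:  # regenerate on the (unlikely) collision
            token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(24))
        self._cards[token] = {"pan": pan, "expiry": expiry}
        return token

    def charge(self, token, amount_cents):
        card = self._cards.get(token)
        if card is None:
            return {"approved": False, "reason": "unknown token"}
        # Only the gateway sees the card number; the merchant gets last four.
        return {"approved": True, "amount_cents": amount_cents,
                "last4": card["pan"][-4:]}

class Merchant:
    """The merchant's own records hold tokens only, never card numbers."""
    def __init__(self, vault):
        self.vault = vault
        self.customers = {}  # customer id -> token

    def enroll(self, customer_id, pan, expiry):
        self.customers[customer_id] = self.vault.tokenize(pan, expiry)

    def bill_monthly(self, customer_id, amount_cents):
        return self.vault.charge(self.customers[customer_id], amount_cents)
```

Enrolling the same card twice yields two different tokens, which shows that a token is a lookup key rather than an encoding of the card number.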
Tokenization is one component of a layered cardholder data defense system that merchants should implement in order to protect cardholder data and adhere to PCI compliance standards.
A layered approach to data security is the best way to protect sensitive payment information. In addition to tokenization, these layers should include encryption, online fraud and verification tools, and an EMV-capable POS terminal.
Please contact PNC Merchant Services® Customer Service at 800-742-5030 if you have more questions about how tokenization can help you protect sensitive cardholder data.