News

Blog: Tokenization Brings Peace of Mind To Retailers

06/03/2015

As consumers become more and more tech savvy, they are also becoming ever more comfortable with using a variety of different payment methods; however, at the back of everyone’s mind is always the question “how safe is this technology?”

This is an especially relevant question for retailers, since it is their customers’ data that is at risk. As such suppliers in the payment processing industry have made data security their top priority and are working hard to ensure their products and services safeguard not only their clients against data breaches, but their clients’ customers too.

The biggest advance in the safeguarding efforts is the production of EMV chip-based credit cards. Named EMV after card providers, Europay, Mastecard and Visa, these cards have been slowly released out to consumers, giving merchants the time to adapt and invest in the new equipment that is required to process the new cards.

The main benefit of the new EMV cards and the processing equipment used by retailers is that there are many more levels of security involved, which means sensitive data is better protected. One such additional level is tokenization.

In the past, the magnetic strip on the back of debit and credit cards was used by processors to authenticate transactions; however, this was found to be insecure and led to many high-profile security breaches.

Tokenization means that customer data is no longer held in its true format (as on the magnetic strip, which can be cloned). Instead information is ‘tokenized’ and split into a serious of codes, which to a hacker or thief, would be meaningless since they cannot clone this information onto a replicate debit or credit card.

What does this mean for retailers?

Retailers often face hack after hack and have been on the receiving end of many a data breach because cybercriminals always manage to find a way to hack into payment processors and steal sensitive data. The good news for retailers is that EMV provides extra levels of security that the magnetic strip just doesn’t give.

The top three benefits for retailers are:

1. When the customer is present, information is tokenized at the point of sale and is therefore protected immediately and is therefore a lot more difficult to hack.

2. When the customer is absent transactions will be encrypted by the tokenization technology and will help retailers securely store customer information in the case of recurring payments.

3. When customers make payment via mobile, tokenization will encrypt all data and also segregate the payment channel, which means if a hacker was to steal customer data from the mobile phone, they still wouldn’t be able to use that data to make a fraudulent transaction.

With tokenization, all sensitive data is replaced with non-sensitive data, for example an account number will be substituted for a mixture of letters, symbols and ‘tokens’. This makes it very difficult for cybercriminals to get the information they really want. Because a retailer’s payment processing software no longer holds its customer information, it also means the retailer has the upper hand, for once!

This is not to say that EMV technology and tokenization are invincible. Indeed, hackers tend to keep on hacking until they succeed in breaching their target, so retailers must remain on the ball but it is an excellent step in the right direction and holds many benefits for all those involved (except cybercriminals!)