The advantages and disadvantages of tokenization

The payment industry is always looking for new and better ways to secure sensitive data and protect customers. The recent string of data breaches at major retailers, which has resulted in the theft of millions of card details, has made it quite clear that everyone involved in the handling of payment information, from merchants to the developers of point of sale systems, still have a long way to go before they can really rest assured knowing their customers are safe.

Tokenization is the latest encryption technology that has gained popularity as a means of further fortifying payment details. Essentially, this process involves the substitution of critical data points with unusable figures, which can only be restored when the information is received by the token holder. This makes it difficult for fraudsters to intercept sensitive information as it passes between the point of sale and the card provider, which may deter some illicit activity.

Many companies have spoken highly about tokenization as a means of protecting customer information and several financial institutions have made its implementation a top priority. For instance, Visa recently announced the Visa Token Service and Apple has made tokenization a major underpinning of the recently announced Apple Pay service. 

Taking a deep look at tokenization
That being said, there are pros and cons to using any encryption method. As mentioned, one of the strong points of tokenization is the simple fact that most of the information being stored is random, valueless numbers that are meaningless without the token to decrypt the information. This takes the big target off the backs of retailers, restaurants and any other business that processed payments in the past, as they simply do not have the valuable information that fraudsters want stored on their servers anymore.

As Bank Info Security explained, tokenization is one of the leading security methods that organizations can implement to ensure the safety of their customers. It is particularly effective for smaller businesses, and helps them reduce the scope of their security efforts as they will not have as many - or any - systems that could potentially be targeted.

However, as Dark Reading suggested, nothing is ever perfect and that extends to tokenization as well. This encryption method is a great first step in the right direction, but it is no magic bullet that will eliminate all of the security issues businesses have contended with in the past few years.

One of the big problems is the fact that tokenization systems themselves have quickly become attractive targets to fraudsters - since the middlemen companies no longer store valuable information, criminals are turning to the token holders. Additionally, there are few security standards and best-practices regarding tokenization at this point, which can lead to some unsafe implementations and potential fragmentation throughout the industry.

Perhaps one of the most unfortunate drawbacks of tokenization and encryption is the cost, which could either dissuade businesses from using it or encourage them to jack up prices to offset additional costs.

“Token generating/processing will add additional cost to the processing of a transaction. This will likely be borne by the merchant but ultimately passed on to the consumer,” Dark Reading contributor Pat Carroll added.

At the end of the day, it is important that all parties involved with the payment industry realize there is no easy fix to data and payment security. New tools and approaches such as tokenization can help significantly, but companies also need to look at other options to bolster security as well.

Contact Datacap to discuss current tokeization and encryption options.