Tokenization defines a process through which a credit card holder’s Primary Account Number (PAN) data is replaced with a surrogate value known as a “token.” The security of an individual token relies on properties of uniqueness and the infeasibility to determine the original PAN knowing only the surrogate value. As a reference or surrogate value for the original PAN, a token can be used freely by systems and applications within a merchant environment.
Where properly implemented, tokenization allows merchants to limit the storage of cardholder data to within the tokenization system, potentially simplifying an entity’s assessment against the PCI DSS. As a reference or surrogate value for the original PAN, a token can be used by systems and applications within a merchant environment without having to consider the security implications associated with the use of cardholder data.
What Are The Benefits of Tokenization
- Reduces PCI DSS Scope
- Renders payment card data meaningless to hackers
- Provides end-to-end security
- Not mathematically reversible
- Format fits legacy payment card data fields
- Retains last four digits of original payment card data for easy customer identification