GDPR's enforcement in May 2018 drastically altered the privacy environment and accelerated the adoption of new technologies, such as tokenization. In the past four years, the General Data Protection Regulation (GDPR) has increased public awareness of how data is handled and put significant penalties on businesses that have not complied. GDPR has quickly transformed privacy legislation and become the benchmark by which other privacy regulations in the U.S. and elsewhere in the world are measured. To meet the GDPR compliance standards, security solutions such as tokenization can play a vital role in securing sensitive data sets.
What is tokenization?
Tokenization is the process of exchanging sensitive data for non-sensitive data, known as "tokens," that can be utilized in a database or internal system without exposing the sensitive data to the public. In other words, tokenization is the act of substituting sensitive data with unique identification symbols that retain all critical information without compromising its security.
This makes tokenization an especially valuable tool for risk mitigation and compliance. Tokenization has become a popular method for small and medium-sized enterprises to increase the security of credit card and e-commerce transactions while reducing the expense and complexity of complying with industry standards and government requirements.
The purpose of tokenization is to protect sensitive data while preserving its business utility. Even though the tokens are unrelated values, they maintain certain aspects of the original data, most typically the length or structure, so they can be utilized without interruption in business operations. The original sensitive data is then stored in a secure location outside the organization's internal systems.
In contrast to encrypted data, tokenized data cannot be deciphered or reversed. Because there is no mathematical relationship between a token and its original number, tokens cannot be returned to their original form in the absence of additional, independently recorded data. Consequently, a breach of a tokenized environment will not expose the original sensitive information.
What is a token?
A token is a bit of data that substitutes for a more valuable piece of data. Tokens have almost no intrinsic value; they are only useful because they represent something of value, such as a Primary Account Number (PAN) or Social Security number (SSN).
For example, a token for a credit card number may preserve the final four digits while the remaining digits are random. The token is then safe to store in a database: on its own, it cannot be used to compromise the credit card account, whoever gains access to it.
Tokens can be generated in various ways:
- Using a key and a mathematically reversible cryptographic function
- Using a function that cannot be reversed, such as a hash function
- Utilizing an index function or a number chosen at random
Thus, the token becomes the exposed information, while the sensitive information that the token represents is securely held on a centralized server known as a token vault. Only in the token vault can the original information be mapped back to its associated token.
How tokenization works
Tokenization functions by eliminating the sensitive information from your environment and replacing it with these tokens. The majority of businesses store at least some sensitive data within their systems, whether it be credit card information, medical data, Social Security numbers, or anything else that requires security and protection. Using tokenization, organizations can continue to use sensitive data for business purposes without incurring the risk or compliance burden of storing it internally.
To better comprehend tokenization, let's analyze the example of a POS-based or online credit card transaction. PCI standards prohibit the storage of credit card numbers on a retailer's point-of-sale (POS) terminal or in its databases following a transaction. To ensure PCI compliance, merchants outsource payment processing to a service provider that offers tokenization. The service provider is responsible for the issuance of the token's value and the security of cardholder information.
- A customer enters their payment information at a point-of-sale (POS) terminal or an online checkout form.
- The details or data are replaced with a randomly generated token, which is typically generated by the payment gateway of the merchant.
- The tokenized information is subsequently transferred to a payment processor securely. The original sensitive payment data is saved in a token vault within the payment gateway of the merchant. This is the sole area where a token can be mapped to the information it represents.
- Before sending the information for final verification, the payment processor re-encrypts the tokenized data.
Difference between tokenization and encryption
Digital tokenization and encryption are two distinct data security-related cryptographic approaches. The primary distinction between tokenization and encryption is that tokenization does not alter the length or type of the protected data, whereas encryption changes both.
Encryption renders data unreadable without the cryptographic key, even if the encrypted message itself is visible. Tokenization instead represents confidential data with values that cannot be decrypted at all. Encryption has been the chosen technique of data security for decades, but tokenization has recently emerged as a cost-effective and secure solution. However, encryption and tokenization are frequently used together.
Benefits of tokenization
The objective of an efficient tokenization platform is to remove any sensitive payment or personal data from your company systems, replace each data set with an undecipherable token, and keep the original data in a secure cloud environment that is independent from your business systems. Tokenization can be used to protect any type of structured data sets, including cardholder information, Personal Identifiable Information (PII), and Protected Health Information (PHI).
A correctly constructed and executed cloud tokenization platform can avoid the disclosure of sensitive data, preventing attackers from obtaining any type of usable information, whether financial or personal. "Usable information" is the determining factor here. Tokenization is not a security system that prevents hackers from gaining access to your networks and data systems. There are numerous different security mechanisms created for this function. Instead, it is a data-centric security solution that adheres to Zero Trust principles.
Another advantage of tokenization is that an organization may not need to notify affected individuals in the event of a data breach. If a threat actor infiltrates your environment, the only information that could be stolen is tokens, not personal data. In reality, there has been no data breach; consequently, there is no need to send a breach notification.
What information should be tokenized?
Tokenization is frequently employed to safeguard credit card numbers and is mandated by the Payment Card Industry Council (PCI). However, tokenization can help an organization securely retain sensitive data in a variety of scenarios. The Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), for example, mandate particular processing, anonymization, and storage of personally identifiable information.
In addition to securing sensitive data, tokenization devalues it. In other words, the process of pseudonymization de-identifies the data, which is an effective compliance method. In addition, tokenization can assist organizations in meeting certain GDPR compliance requirements and data subject requests, such as the right of access and the right to be forgotten.
Types of tokens
As previously established, tokenization is an essential requirement for processing cardholder data. This is necessary given the rise in POS and online credit card transactions. There are three methods of tokenization applicable to this use case: gateway, pass-through, and payment service tokenization.
1. Gateway tokenization
The majority of e-commerce enterprises accept payments using a payment gateway. Gateways feature technology that allows you to save a credit card to their system and receive a token. From then on, when you conduct a transaction, your system transfers the token instead of the credit card number to the gateway, allowing you to remove credit card information from your system. Since each gateway supplies its own token schema, you may be susceptible to vendor lock-in. Switching gateways is frequently an expensive and time-consuming operation, and in some instances, it is prohibited by the gateway.
2. Pass-through tokenization
Some tokenization service providers employ a mechanism known as pass-through tokenization, which enables you to use your existing gateway integration code. This method of tokenization leverages your existing technology and may be used rapidly, which is one of its advantages. Additionally, it has the benefit of being modular. You can use it for more than simply credit card purchases, including connecting to most APIs and tokenizing data other than cardholder information. Pass-through tokenization is superior to gateway tokenization because it enables payment solutions to route transactions to different gateways in real-time, thereby avoiding the costly and time-consuming transfer of card data between different payment platforms.
3. Payment service tokenization
Another tokenization technique is the payment services concept. This architecture offers a single API that, once integrated, can route payments to several payment gateways. The payment services approach is optimal for businesses with complex payment requirements, such as making payments across several regions or currencies, or against multiple processors and gateways. In addition to reducing PCI scope and enhancing security, the payment services paradigm precludes payment gateways from managing tokens. In contrast to gateway tokenization, third-party tokens are compatible with all supported gateways.
Protecting your tokenized data
Tokenization's efficacy can be compromised if it is not properly implemented and protected. For example, the only method to guarantee that tokens cannot be reversed is to generate them randomly. Only a (reverse) lookup in the token server database will reveal the original sensitive data associated with the token. Generating random tokens is straightforward, and size and data type constraints are easy to honor. This should be the default, as no business wants sensitive data to be recoverable from the token itself.
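The following added example (not from the original article or any vendor's product) models the credit card case described earlier: a hypothetical token vault that issues randomly generated, format-preserving tokens keeping the length and last four digits of the PAN, refuses collisions, and is the only place where a reverse lookup recovers the original data. The `TokenVault` and `checkout` names and the sample PAN are constructed for illustration.

```python
import secrets
from typing import Dict


class TokenVault:
    """Hypothetical token vault: the sole place a token maps back to its PAN."""

    def __init__(self) -> None:
        self._pan_by_token: Dict[str, str] = {}
        self._token_by_pan: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        # Reuse the existing token so one card always maps to one token.
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        while True:
            # Random digits from a CSPRNG: no key and no mathematical
            # relationship to the PAN, so the token cannot be reversed.
            # Length and the final four digits are preserved, as in the article.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject a token that collides with another mapping or equals the PAN.
            if token not in self._pan_by_token and token != pan:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # A reverse lookup in the vault is the only way back to the sensitive data;
        # an unknown token raises KeyError rather than guessing.
        return self._pan_by_token[token]


def checkout(vault: TokenVault, pan: str) -> Dict[str, str]:
    """Models the POS flow: the gateway's vault keeps the PAN, the merchant keeps only the token."""
    token = vault.tokenize(pan)
    merchant_record = {"card": token, "last4": token[-4:]}
    # The PAN never appears in what the merchant stores, so a breach of
    # merchant systems yields tokens only.
    assert pan not in merchant_record.values()
    return merchant_record


if __name__ == "__main__":
    vault = TokenVault()
    record = checkout(vault, "4111111111111111")  # constructed sample PAN
    print(record, vault.detokenize(record["card"]))
```

A second, independent vault cannot detokenize a token it did not issue, which is what makes stolen tokens worthless outside the vault.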
Protection of the token server is an additional problem. To guarantee that your tokenization system complies with PCI standards, it is essential to maintain network segregation on your token server. If the server is not effectively safeguarded, the effectiveness of the entire system may be compromised. The token server is in charge of reversing the tokenization procedure, so it must be protected with traditional key management and strong encryption.
The Venafi Control Plane for Machine Identities platform can help you protect the machine identities of your token servers to ensure that your sensitive data are always protected. To understand the perils of machine identity management, download our dummies guide.