
What is Tokenization in the Credit Card Payment Industry?

Updated on April 23, 2015

Security Matters

"Passwords are like underwear; you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers," wrote Chris Pirillo. As I embark on my new journey as a content writer for a merchant services company, such data security thoughts are always at the front of my mind.

In the tech world, the more data gets passed around, the more opportunities there are for it to be stolen or misused. An increasingly popular approach for the protection of sensitive data is the use of a token (or alias) as a substitute for a real credit card number.

The need for such measures becomes more evident with every security breach. For example, between Nov. 27 and Dec. 15, 2013, 40 million credit and debit card numbers were stolen from Target. 70 million records that included names, addresses, email addresses and phone numbers of Target shoppers were compromised. Credit unions and community banks spent hundreds of millions of dollars reissuing tens of millions of credit cards.

What is Tokenization

In my journey into the world of moving money from one place to another, this process was one of the first key terms to regularly pop up. With tokenization, financial and other sensitive records are transferred between parties in reordered strings of letters and numbers. These unique identification symbols, or tokens, retain all the essential information without compromising its security.

When the cardholder swipes their card at a merchant, the card and transaction data flow through the merchant acquirer to the cardholder’s bank, which confirms that the cardholder is authorized to make the transaction. This structure was invented and is perpetuated by Visa and Mastercard, which serve as the information switches between the four parties.

An Overview of Tokenization & the Credit Card Industry with Akamai Chief Security Officer Andy Ellis

Inside the Process

Hypercomplexity inside the computer systems leads to simplicity for businesses. Mathematical formulas and random number generators create characters that are of no value to a hacker. In this fashion, tokenization reduces the amount of data a business needs to keep on hand. It has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions. At the same time, it lowers the cost and complexity of compliance with industry standards and government regulations.

A payment card is used in a transaction and, once authorized, the cardholder data is sent to a centralized and highly secure server called a “vault.” Next, a random unique number is generated and returned to the merchant’s system. The token can be used in various business applications as a reliable substitute for the real card data.


Encryption and Best Practices

A secure cross-reference table is established to allow authorized lookup of the original value, using the token as the index. Encryption tools and secure key management complement this approach by protecting the original value within this environment. To anyone who doesn’t have authorization to access the vault, the token value is totally meaningless. Random characters don't help a thief.

The tokenization system must be secured and validated using security best practices applicable to sensitive data protection. These include secure storage, audit, authentication and authorization. The tokenization system provides data processing applications with the authority and interfaces to request tokens, or detokenize back to sensitive data.
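The vault flow described above (a random token returned to the merchant, a cross-reference table indexed by token, and authorized detokenization with an audit trail), as an added Python sketch that is not from the original article. The class, the caller names and the test card number are constructed for illustration, and the stored value is left unencrypted here, where a real vault would encrypt it at rest under managed keys.

```python
import secrets


class TokenVault:
    """In-memory stand-in for the vault: token -> original card number."""

    def __init__(self, detokenize_allowed):
        self._table = {}                       # cross-reference table, token is the index
        self._allowed = set(detokenize_allowed)
        self.audit_log = []                    # (caller, action, token, outcome)

    def tokenize(self, pan, caller):
        # The token comes from a CSPRNG, so it has no mathematical
        # relationship to the card number; retry on an unlikely collision.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._table and token != pan:
                break
        self._table[token] = pan               # a real vault encrypts this value at rest
        self.audit_log.append((caller, "tokenize", token, "ok"))
        return token

    def detokenize(self, token, caller):
        # Only callers on the allow list may turn a token back into card data.
        if caller not in self._allowed:
            self.audit_log.append((caller, "detokenize", token, "denied"))
            raise PermissionError(f"{caller} may not detokenize")
        if token not in self._table:
            self.audit_log.append((caller, "detokenize", token, "unknown"))
            raise KeyError("unknown token")
        self.audit_log.append((caller, "detokenize", token, "ok"))
        return self._table[token]


def demo():
    # Constructed sample data: a common test card number, hypothetical callers.
    vault = TokenVault(detokenize_allowed={"settlement-service"})
    pan = "4111111111111111"
    token = vault.tokenize(pan, caller="pos-terminal")
    merchant_db = {"order-1001": token}        # the merchant stores only the token
    try:
        vault.detokenize(token, caller="reporting-app")
        denied = False
    except PermissionError:
        denied = True
    recovered = vault.detokenize(merchant_db["order-1001"], caller="settlement-service")
    return token, denied, recovered, vault.audit_log


if __name__ == "__main__":
    print(demo())
```

A copy of `merchant_db` on its own yields nothing usable: recovering the card number requires both the vault's table and a caller on the allow list, and every attempt, including the denied one, lands in the audit log.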

Tokenization Adds Value

Sensitive data can’t be breached if it’s not there in the first place. At a time when cardholder data loss is at an all-time high, tokenization is extremely valuable for businesses, including those who have previously passed their PCI DSS audits. Even merchants who have full encryption solutions are investigating how the addition of tokenization can benefit them.

"The benefits of tokenization far outweigh the barriers to adoption as exhibited by the monetary losses associated with security breaches at major retailers," according to Jay Weber at "As new payment technologies are emerging to protect ... customer’s personal financial information, take advantage of the opportunities presented and find a way to make them work for you."

