Authorization Model –
A multi-factor model for authorizing users of the TokenEx platform. A unique identifier is used for signing in to an account, granular access control is assigned to each method through a unique API key, and requests must originate from an approved address over an internet connection, a virtual private network (VPN), or a dedicated leased line.
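The three factors named above (a known account identifier, an API key bound to each individual method, and an approved source address) can be expressed as a single policy check. The following is an added illustration and not TokenEx's own implementation; the account id, API keys and the VPN address range in it are constructed for the example.

```python
"""Added example: a multi-factor authorization check in the spirit of the
model described above. Illustrative only, not TokenEx code; every account
id, key and address below is constructed."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


def _fingerprint(api_key: str) -> str:
    """Store only a hash of each API key so a leaked policy table cannot be replayed."""
    return hashlib.sha256(api_key.encode()).hexdigest()


@dataclass
class AccountPolicy:
    account_id: str
    # method name -> sha256 fingerprint of the one API key allowed to call it
    method_keys: dict = field(default_factory=dict)
    # approved source ranges (internet egress, VPN pool or leased-line address)
    approved_sources: list = field(default_factory=list)

    def grant(self, method: str, api_key: str) -> None:
        self.method_keys[method] = _fingerprint(api_key)

    def approve_source(self, cidr: str) -> None:
        self.approved_sources.append(ipaddress.ip_network(cidr, strict=False))


class Authorizer:
    def __init__(self) -> None:
        self._accounts = {}

    def register(self, policy: AccountPolicy) -> None:
        self._accounts[policy.account_id] = policy

    def authorize(self, account_id: str, api_key: str, method: str, source_ip: str):
        """All factors must pass: known account, key bound to this method,
        request from an approved address. Returns (allowed, reason)."""
        policy = self._accounts.get(account_id)
        if policy is None:
            return False, "unknown account"
        expected = policy.method_keys.get(method)
        if expected is None:
            return False, "method not granted"
        # constant-time comparison of the key fingerprint
        if not hmac.compare_digest(expected, _fingerprint(api_key)):
            return False, "bad api key for method"
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False, "malformed source address"
        if not any(addr in net for net in policy.approved_sources):
            return False, "source not approved"
        return True, "ok"


def demo() -> list:
    """Constructed scenario: one account, two methods, one approved VPN range."""
    key_tok = "demo-key-tokenize"        # constructed
    key_detok = "demo-key-detokenize"    # constructed
    policy = AccountPolicy("acct-1234")  # constructed account id
    policy.grant("Tokenize", key_tok)
    policy.grant("Detokenize", key_detok)
    policy.approve_source("10.20.0.0/16")  # constructed VPN address pool
    auth = Authorizer()
    auth.register(policy)
    return [
        auth.authorize("acct-1234", key_tok, "Tokenize", "10.20.5.7"),
        # right account and source, but the Tokenize key is used for Detokenize
        auth.authorize("acct-1234", key_tok, "Detokenize", "10.20.5.7"),
        # right key, but the request comes from an unapproved address
        auth.authorize("acct-1234", key_detok, "Detokenize", "203.0.113.9"),
        auth.authorize("acct-9999", key_tok, "Tokenize", "10.20.5.7"),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Binding each key to one method means a key that leaks from a tokenizing web front end cannot be used to de-tokenize, and the source check means a valid key is still useless from an address outside the approved ranges.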
Batch Tokenization –
As with the real-time, per-transaction solution, credit card data sent to TokenEx is stored in a secure data vault and paired with a randomly generated token, which is then passed to you for your records. The difference lies in the way these transactions are handled.
Instead of TokenEx acting as an intermediary between you and your payment processor for every transaction, with Batch Tokenization you conduct your day-to-day business just as you always would. The only change is that instead of batching your credit card transactions and sending them straight to the processor, you send them to TokenEx.
Cloud Tokenization – aPaaS –
A tokenization platform hosted in a cloud environment (Content Delivery Network) and generally managed by an outsourced provider. Cloud hosting offers a significant reduction in PCI compliance scope because the sensitive data is stored off premises.
Consumer Authentication –
The process of identifying specific users at the point of transaction in order to authenticate payment transactions. This can be done through different types of algorithms, biometrics, and many other options. The goal is to link the "true" user to their payment card, ACH account, mobile device, etc. to eliminate fraud at the point of transaction.
Data Vaulting –
The process of sending sensitive data offsite through secure, measured controls and storing it in a vaulted cloud environment. Payment card information, medical information, bank account data, images, PDF files, etc. can all be stored in a data vault.
Detokenization –
The reverse of tokenization: redeeming a token for its associated PAN value.
EMV –
Stands for Europay, MasterCard and Visa, a global standard for interoperation of integrated circuit cards (IC cards or "chip cards") with IC-card-capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.
Encryption –
The process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key the originator provides to recipients but not to unauthorized interceptors.
HIPAA –
The federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.
IFrame (Hosted Payments) –
Creation of your own HTML form on your website that posts directly to the payment processor of your choice. This method allows full control over the look and feel of your payment form while reducing your PCI compliance scope, since the sensitive payment data is transferred from the web browser directly to the payment processor/gateway server via HTTPS and never passes through your own servers.
NFC –
Near Field Communications is a set of standards for smart phones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, typically a distance of 10 cm (3.9 in) or less.
On-premise Tokenization –
A tokenization platform deployed on the user's own site and managed locally by the user. Generally, the on-premise tokenization solution is more expensive and does not reduce PCI compliance scope, because the sensitive data is still housed on premise.
PCI – Payment Card Industry –
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. Private label cards (those without a logo from a major card brand) are not included in the scope of the PCI DSS.
The PCI standard is mandated by the card brands and run by the Payment Card Industry Security Standards Council; it was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
PHI – Protected Health Information –
As defined by HIPAA, health information that: (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
"Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:
(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual."
PII – Personally Identifiable Information –
The term Personally Identifiable Information means any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history, and information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual.
PKE – Public Key Encryption –
Also known as asymmetric key encryption, this is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature, whereas the private key is used to decrypt ciphertext or to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other, as contrasted with conventional ("symmetric") cryptography, which relies on the same key to perform both.
P2PE – Point to Point Encryption –
Point-to-point encryption is provided by a third-party solution provider and is a combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider's secure decryption environment. A PCI P2PE solution must include all of the following:
Secure encryption of payment card data at the point-of-interaction (POI).
P2PE-validated application(s) at the point-of-interaction.
Secure management of encryption and decryption devices.
Management of the decryption environment and all decrypted account data.
Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage.
Transaction Latency –
The time between initiating a request to a payment processor and receiving the answer. Latency limits are specifically defined by each of the different payment card companies to ensure that a user can process their payment within an expedient, specified period of time.
Tokenization –
Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference (i.e. an identifier) that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods which render tokens infeasible to reverse in the absence of the tokenization system. Tokenization must be secured and validated using security best practices applicable to sensitive data protection, secure storage, audit, authentication and authorization. The tokenization system provides data processing applications with the authority and interfaces to request tokens, or to de-tokenize back to sensitive data.
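The properties in the Tokenization, Detokenization and Data Vaulting entries (a token generated at random so it carries nothing recoverable, a mapping that exists only inside the vault, reverse lookup on request, and an audit trail that never records the PAN) fit in a short vault class. This is an added, illustrative example and not TokenEx's vault; the token format (32 hex characters from a CSPRNG) is an assumption of the example, and the card numbers are standard test values.

```python
"""Added example: a minimal vault-backed tokenization system illustrating the
glossary definitions of tokenization and detokenization. Illustrative only,
not TokenEx's design; the token format is an assumption of this example."""
import secrets


def luhn_valid(pan: str) -> bool:
    """Reject malformed card numbers before anything is written to the vault."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13 or len(digits) > 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds the only copy of the PAN-to-token mapping. Tokens come from a
    CSPRNG, so the token itself reveals nothing about the PAN and cannot be
    reversed without access to this vault."""

    def __init__(self) -> None:
        self._token_to_pan = {}
        self._pan_to_token = {}
        self.audit = []         # (operation, token) only; never the PAN

    def tokenize(self, pan: str) -> str:
        pan = "".join(c for c in pan if c.isdigit())
        if not luhn_valid(pan):
            raise ValueError("invalid PAN")
        # the same PAN maps to the same token so repeat customers can be matched
        token = self._pan_to_token.get(pan)
        if token is None:
            token = secrets.token_hex(16)            # assumed token format
            while token in self._token_to_pan:       # vanishingly unlikely collision
                token = secrets.token_hex(16)
            self._token_to_pan[token] = pan
            self._pan_to_token[pan] = token
        self.audit.append(("tokenize", token))
        return token

    def detokenize(self, token: str) -> str:
        """Reverse lookup. In a real deployment this call sits behind the
        per-method API key and source-address checks of the authorization model."""
        pan = self._token_to_pan.get(token)
        if pan is None:
            raise KeyError("unknown token")
        self.audit.append(("detokenize", token))
        return pan


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111 1111 1111 1111")   # standard test PAN
    print(t, vault.detokenize(t), vault.audit)
```

The application only ever stores and logs the token; the Luhn check keeps garbage out of the vault, and the deterministic PAN-to-token mapping is what lets downstream systems de-duplicate customers without holding card data.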
Uptime –
The amount of time during which a service is operational. This is generally measured as a percentage of website availability, or the time a site is fully operational.
Virtual Terminal Proxy –
Using a combination of an encrypted PIN pad and data tokenization, real credit card data is never received or stored on a workstation; instead, it is automatically replaced with tokenized data through a proxy server. The system is completely seamless and does not change an employee's regular operations. Furthermore, the system takes only hours to install and does not require any on-site IT support to operate.
Web Services –
Web services act as a proxy between incoming data and your environment to ensure payment card data does not reach your perimeter. The goal is to tokenize the data before it ever hits your environment.