TOKENIZATION FOR HIGHER EDUCATION:
ELIMINATE DATA THEFT RISK, REDUCE COMPLIANCE COSTS
University and college campuses are virtual vortexes of data generated by people, laptops, and mobile phones, communicating on open WiFi and cellular networks. A torrent of data is constantly flowing among students, parents, professors, campus IT systems, external organizations, and payment processors. Sensitive information on tuition payments, loans and grants, and campus retail sales, as well as personal details of students, parents and their payment records, is being captured, stored, and processed by a wide variety of campus business systems. Layers of complex technologies from multiple vendors unify the campus with open communication and data exchange. The campus is also an ideal target for cyber-thieves and fraudsters, whose advanced intrusion malware combined with social engineering phishing scams can penetrate and siphon off personal and payment data for sale in distant black market data bazaars. All that swirling data that enables a campus to function as a center of learning is also a honeypot that is ripe for theft.
Educational organizations’ IT systems have been receiving and storing all types of sensitive data for decades. Recent regulatory compliance initiatives have pushed IT departments to put in place security policies and procedures to safeguard sensitive information. But with the increasing number of successful—and very public—breaches of a wide range of organizations, it’s a matter of when, not if, your information systems are breached by the usual suspects. The question for campus administrators is: when the inevitable breach occurs, will there be information in the IT systems worth stealing?
Tokenization technology operates on the fundamental principle that hackers can’t steal what’s not there. By using a cloud tokenization platform, no valuable PCI, PHI, or PII data is accepted, stored, or transmitted by an organization’s IT systems. The TokenEx Cloud Security Platform replaces sensitive payment and personal data with mathematically unrelated tokens and stores the original data in 100% PCI-compliant secure data vaults running in fully redundant cloud data centers. Any successful breach of an organization’s IT system only yields a trove of tokens that are unusable to cyber-thieves. For all types of sensitive information—payment data in particular—this solves two urgent problems for organizations:
- Decreases the scope of PCI compliance, so that most of the IT infrastructure is subject to the minimum number of PCI controls, thus reducing the cost and labor of keeping software and hardware in compliance with constant testing and audits.
- Removes the risk of losing sensitive data and the repercussions of lawsuits, financial fines, and adverse publicity that drives away students and alumni—as well as damaging the organization’s brand.
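A minimal sketch of vault-style tokenization as described above, added here as an illustration; it is not TokenEx code and does not model its API. `TokenVault`, `record_payment` and the sample values are hypothetical, and keeping the last four digits and forcing tokens to fail the Luhn check are design choices of this example.

```python
import hashlib
import hmac
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Toy in-memory stand-in for a remote vault; a real one encrypts PANs at rest."""
    def __init__(self) -> None:
        self._index_key = secrets.token_bytes(32)
        self._pan_by_token = {}
        self._token_by_index = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Keyed lookup index: a PAN seen before gets its existing token back.
        index = hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()
        if index in self._token_by_index:
            return self._token_by_index[index]
        while True:
            # Random digits, not derived from the PAN; last four kept for display.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject Luhn-valid candidates so a token can never pass as a card number.
            if token not in self._pan_by_token and not luhn_ok(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_index[index] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back to the PAN."""
        return self._pan_by_token[token]

def record_payment(vault: TokenVault, student_id: str, pan: str, amount_cents: int) -> dict:
    """Campus billing record (hypothetical schema): stores the token, never the PAN."""
    return {"student": student_id, "token": vault.tokenize(pan), "amount_cents": amount_cents}
```

A dump of the billing records built this way contains only tokens; recovering a PAN requires access to the vault's own mapping.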
PCI & PII ARE FAVORITE TARGETS
While payment card information used to be the most frequent target of hackers, new security tools, such as the use of AI software to detect patterns of fraud and the introduction of EMV chip cards, are making it more difficult for cyber-thieves to sell only the payment cards’ primary account numbers (PAN). Fraudsters need the personal information that goes with PCI to fabricate identities for use in card-not-present fraud. If that’s not troublesome enough, cyber-espionage by state-sponsored hackers is rising at alarming rates and their target is PII—data that helps them identify people and their associations as targets for further “attention”. The connected world is a global data war zone, and every organization is a target.
COMPLIANCE COSTS SKYROCKET
ELIMINATE DATA THEFT RISK
To eliminate the risk of losing payment and personal data, the goal is to remove all the sensitive data that is coveted by cyber-thieves from internal systems, so that a breach becomes a reporting inconvenience instead of a financial and public relations disaster. The TokenEx Cloud Security Platform provides tokenization and data vaulting services that eliminate data theft risks and reduce compliance costs without disrupting existing business processes. TokenEx secures payment processing through every acceptance channel, tokenizes all types of sensitive data, and integrates payment service providers such as fraud detection, to keep sensitive data safe, yet ready to use for processing.
REDUCE COMPLIANCE COSTS
To accommodate students and their parents, the Bursar’s Office at colleges and universities needs to work with as many payment channels as feasible: in-store and in-office card readers, web checkouts, call centers, and mobile apps. The last three of these methods fall under the category of card-not-present transactions and are particularly vulnerable to theft and fraud. The only way to achieve the lowest-cost PCI compliance for these channels is to immediately encrypt and tokenize the incoming payment data at the point of entry. The TokenEx Cloud Security Platform protects any acceptance channel you choose to implement as well as any data type.
- TokenEx’s Browser-based Encryption API intercepts payment data entered by cardholders on the checkout web site page and instantly encrypts, tokenizes, and stores it in secure data vaults, with only the token returned to business systems for recurring billing transactions and other processing.
- Office and in-store payment terminals can be easily integrated with the tokenization process using Point-to-Point Encryption (P2PE) card readers that immediately encrypt and pass the PAN to TokenEx to be tokenized and stored.
- Call centers can implement TokenEx Virtual Terminal, keeping payment data from being stored or processed in call center workstations, thus removing them from PCI compliance scope.
- Mobile apps can use the TokenEx Web API to encrypt entered payment card data at the device app level, vault it, and return a token for storage and processing.
A UNIFIED TOKENIZATION PLATFORM SAFELY STORES HETEROGENEOUS DATA TYPES
In the TokenEx Cloud Security Platform, payment, PII, and PHI data are stored using a unified tokenization schema in cloud data vaults, protected by rotating encryption keys. Using a unified security architecture is critically important when securing multiple types of sensitive data formats. Working with multiple tokenization providers to store different data formats can lead to data corruption issues when the tokens are mixed back into business systems for processing. TokenEx’s unified tokenization platform stores all data types using a consistent model to ensure interoperability of tokenized data in business processes.
INTEGRATE WITH YOUR CHOICE OF SERVICE PROVIDERS
Being payment processor agnostic is a central tenet of the TokenEx Cloud Security Platform, so your billing department can choose which payment gateways and processors to work with and switch among them as needed. With the TokenEx Cloud Security Platform acting as the central point of integration, payment service providers—such as fraud detection, card refresh, and marketing analytics—work with your tokenized payment stream in real time or batch mode. Need a real time check on the authenticity of an unusual payment? TokenEx tokenizes the PAN, removing it from your systems, and sends the appropriate hashed value of the PAN back to your systems to send to the fraud detection service for analysis. Your business processes don’t change because TokenEx takes care of all the integration with your choice of vendors. Your business systems never receive, store, or transmit payment data, only tokens, keeping them free of toxic data.
NO CONTRACTS: YOUR DATA, YOUR CHOICE
Tokenization technology is an ideal solution for preventing data theft. But it’s not ideal to have your data locked up by one payment provider’s proprietary tokenization system, leaving you unable to work with other service providers or to change payment processors. The TokenEx “no contracts” approach doesn’t lock you in with complex long-term commitments—your data is always your data, and should you decide to change tokenization vendors, we work with you to make the transition. And unlike payment processors who charge you every time for accessing and using your tokens, TokenEx fees are based on first time tokenization and the storage of token/PAN data sets, not for every access. For complex organizations such as higher education that store and manage large data sets, pricing can also be set at yearly subscription rates, or an unlimited utilization option, obviating the need to track data storage and tokenization.
Our clients depend on TokenEx to provide a complete and customizable tokenization solution for their PII and PCI data theft challenges and to reduce the costs of compliance. Let us explain how the TokenEx Cloud Security Platform can help your organization secure all types of data. Contact us today to set up an appointment to discuss your specific challenges.