What Is Tokenization?
The purpose of tokenization is to swap out sensitive data—typically payment card or bank account numbers—with a randomized number in the same format, but with no intrinsic value of its own. This differs from encryption where a number is mathematically changed, but its original pattern is still “locked” within the new code—known as Format Preserving Encryption. Encrypted numbers can be decrypted with the appropriate key—whether through brute computing force, or through a hacked/stolen key.
Tokens, on the other hand, cannot be decrypted because there is no mathematical relationship between the token and its original number. De-tokenization is, of course, the reverse process, when the token is swapped—but not decrypted—for the original number. De-tokenization can only be done by the original tokenization system. There is no other way to obtain the original number from just the token. Tokens can be single use (a one time debit card transaction) that are not retained, or multi-use (a credit card number of a repeat customer) that is stored in a database for recurring transactions.
Most organizations—from retailers to charities to multinational distributors—need an omni-channel payment strategy with the flexibility to do business with anyone, anywhere, at anytime.
Any Data Set
Most tokenization solutions from payment processors or other service providers deal only with payment data, not PII (personally identifiable information), HIPAA data, or data sets covered by diverse international rules and regulations that vary by country.