Introduction to Data Types

Many organizations seek tokenization services to help them reduce the expensive overhead of compliance with the Payment Card Industry Data Security Standard (PCI DSS). A top priority is to remove all payment card data from internal IT systems to eliminate data theft risk and minimize compliance costs. The next logical step is to remove all personally identifiable information (PII) from systems using the same tokenization schema, data vaults, and processes. This alleviates your liability for losing your customers’ financial and personal information such as email addresses and tax ID numbers. Some organizations that are defined as Covered Entities under HIPAA regulations also need to tokenize protected healthcare information (PHI).

For each organization, it’s critical that all three types of sensitive data can be stored in the same secure data vault, following consistent tokenization schemas that are appropriate for the data types. Tokens can be format-preserving, for example keeping the same length and sequence (e.g., alphanumeric) as the original value, so that no changes to business processes are required. TokenEx Secure Cloud Data Vaults store clients’ sensitive data, which is swapped over secure encrypted channels for mathematically-unrelated tokens that are used for processing in business systems instead of the actual sensitive data. Since the data is secured off-premise, out of an organization’s IT environment, a data breach will not result in any exposed sensitive data. This eliminates the risk of data theft and greatly reduces the cost of security compliance such as PCI DSS.

TokenEx has multiple methods of intercepting and processing any type of sensitive data so that it never enters your network, databases, or even web screens. The sensitive data that organizations use across a range of business processes falls into three main forms.

Payment Card Information (PCI)

PCI DSS documents the standards that govern how organizations need to protect Cardholder Information, Primary Account Numbers, and other PCI-related data.

Personally Identifiable Information (PII)

NIST Special Publication 800-122 defines PII as any information about an individual maintained by an agency.

Protected Health Information (PHI)

PHI is a term broadly used to describe various types of information related to healthcare diagnosis, patient records, and payments.

