TokenEx Secures Toxic Personally Identifiable Information (PII)
Organizations are getting breached at a record pace, with attackers particularly focused on obtaining Personally Identifiable Information (PII). PII theft is rampant in every business sector and industry because the data can be used for fraud and identity theft. 21st Century Oncology is just the latest healthcare company breached, exposing sensitive information in 2.2 million patient records. Even the Internal Revenue Service recently had to deactivate an online PIN-retrieval tool (which, ironically, was originally meant to prevent stolen Social Security numbers from being used to file fraudulent returns) after finding that hackers had successfully subverted the system.
Since no organization is safe from cyber criminals, what are the consequences for not properly securing PII? How are organizations supposed to protect their data from the onslaught of attacks? What’s the best way to secure PII and eliminate the risk of theft?
Fines + Public Reporting = Organizational Nightmare
Breaches that result in stolen sensitive data require formal reporting to several layers of authorities. The National Conference of State Legislatures, for example, is just the tip of the iceberg when it comes to reporting exposed PII at the state government level. Each state has different reporting requirements, as well as different fine amounts contingent upon the extent and sensitivity of the exposed data. Next is the Federal Trade Commission (FTC), which administers federal fines that are generally much more financially severe. The FTC is newly authorized to take law enforcement action to ensure that companies live up to their privacy statements, and has indeed recently brought legal actions against organizations that have violated consumers’ privacy rights or misled them by failing to maintain security for sensitive consumer information. Ultimately, once the loss of PII is officially reported, journalists are only too eager to spread the news to the public, damaging brands and eroding the trust of existing and potential customers. Nightmare indeed.
The number one reason for all data breaches is the availability of sensitive data sets stored in IT business environments. Cloud tokenization is the best way to protect PII—simply and cost effectively. Tokenization of PII works the same way as tokenizing Payment Card Information (PCI). Sensitive personal data such as social security numbers, dates of birth, email and postal addresses, etc. are replaced with tokens—randomized numbers in the same format as the original data, but with no intrinsic value of their own. Tokens cannot be decrypted because there is no mathematical relationship between a token and the original value. The best part is you can tokenize ANY type of data set in the same token vault in order to secure PII, PCI, and even Personal Healthcare Information (PHI), keeping all sensitive data out of the reach of hackers and state-sponsored spies.
Taking security to an even loftier level, cloud tokenization, as provided by TokenEx, removes sensitive data and safely stores it in secure cloud data vaults. Unlike on-premise tokenization solutions, the real data is not housed in your IT environment at all, only the corresponding tokens. This eliminates the risk of exposing your customers and your organization to the very ugly side of data breaches. Fines, angry customers, lost revenue, and public relations embarrassment are just a few of the byproducts of a data breach. With cloud tokenization, hackers can’t steal what’s not there.
Flexible Token Schemes Designed for Your Organization
Since customer personal and payment data is the lifeblood of almost every business system, it’s critical that tokenizing the data for security purposes does not inhibit existing business processes. TokenEx provides a variety of flexible token schemes to facilitate multi-data set acceptance without disrupting business processes and existing applications. Simply put, a token scheme encapsulates the validation of the input data as well as the format of the token returned to the business system. For example, if you have business processes that use a social security number, you could use a format-preserving token scheme that retains the social security structure (xxx-xx-xxxx). This enables your existing business logic to remain unchanged while securing the data in a tokenized environment. TokenEx provides virtually unlimited flexibility in how sensitive data is received, tokenized, stored and processed, while eliminating data theft risk and reducing the cost of PCI compliance.
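The format-preserving scheme described above can be sketched as follows. This is an added illustration, not TokenEx's code or API: the `SsnTokenScheme` class, the in-memory dictionaries standing in for the remote vault, and the sample SSN are all assumptions constructed for this example.

```python
import re
import secrets

# Input validation for the scheme: the xxx-xx-xxxx structure named in the text.
SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


class SsnTokenScheme:
    """Hypothetical token scheme: validates input, returns a same-format token.

    The dictionaries stand in for the vault. In the cloud model the article
    describes, this mapping lives outside the application environment.
    """

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    @staticmethod
    def _random_token():
        # Digits come from the OS CSPRNG, so the token has no mathematical
        # relationship to the value it replaces.
        d = "".join(secrets.choice("0123456789") for _ in range(9))
        return f"{d[:3]}-{d[3:5]}-{d[5:]}"

    def tokenize(self, value):
        if not SSN_RE.fullmatch(value):
            raise ValueError("input does not match xxx-xx-xxxx")
        if value in self._value_to_token:
            # Same value, same token, so joins and lookups keep working.
            return self._value_to_token[value]
        while True:
            token = self._random_token()
            # Reject collisions with existing tokens and with the value itself.
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token):
        # Only the vault can reverse a token; unknown tokens raise KeyError.
        return self._token_to_value[token]


if __name__ == "__main__":
    scheme = SsnTokenScheme()
    sample = "078-05-1120"  # constructed sample value, not a real record
    print(sample, "->", scheme.tokenize(sample))
```

Because the token passes the same format check as the original value, downstream validation cannot tell the two apart, which is why access to `detokenize` is the control that matters.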