Transparently Tokenizing Data While Maintaining Its Functionality

12 Apr
2019

Although the primary goals of tokenization are to secure data, desensitize it, and remove it from your environment, it’s just as important to preserve that data’s business utility. If an organization’s tokenized data can’t still be used for analytics or other business intelligence purposes, then it is just as worthless to the organization as it is to cybercriminals if they were to breach a system containing it. With TokenEx, organizations don’t have to sacrifice functionality for security. Our Transparent Gateway enables customers to share the sensitive data they’ve tokenized, such as a credit card primary account number (PAN), with third-party payment service providers (PSPs) and other desired endpoints without having to first detokenize the data.

The Transparent Gateway is a patented TokenEx technology that outsources an organization’s risk without significantly altering or interrupting the operation of its current business systems. Existing calls to third-party APIs need only minor modifications to take advantage of this market-leading technology. Using a payment authorization and capture request to a PSP as an example, a TokenEx customer would begin by formatting the request to the PSP’s API specification. The customer would then add three new HTTP headers to the request—two of which authenticate the customer to TokenEx and the third contains the URL of the PSP’s API endpoint.

The token representing the PAN is wrapped in three curly braces and placed in the body of the payment request where the PSP expects the card number—like so: {{{545454st7c8y5454}}}. Then, rather than post the request directly to the PSP, our customer sends it to the TokenEx Transparent Gateway. When the Transparent Gateway receives the request, the token is replaced with the PAN and then sent to the PSP for processing. The response from the PSP is returned to the TokenEx customer unaltered, enabling our customers to accept credit card payments without subjecting themselves to the risk of transmitting or storing credit card numbers.

Additional Support for Gateway Functions

On occasion, our customers need to interact with sensitive data prior to sharing it with a third-party via the Transparent Gateway. For example, the PSP may require the PAN to be encrypted within the payment transaction. Enter Transparent Gateway functions—an adept solution for this requirement. Continuing with our payment authorization and capture request example, the TokenEx customer would utilize the Encrypt function of the Transparent Gateway.

Functions are denoted in a Transparent Gateway API call by encapsulating the region to perform the function within four curly braces–{{{{…}}}.  All functions include two base parameters:  

Now you’re ready to pass along your encrypted, detokenized data to your PSP, satisfying its requirements with minimal changes to your existing processes.

One of the strengths of the TokenEx platform is our continuing innovation in support of our customers’ business needs. As a result of this flexibility and ongoing product development, we are a pioneering, industry-leading provider of cloud-based tokenization. For more information about TokenEx, our Cloud Security Platform, our Transparent Gateway, or any of our other products and solutions, contact us directly at info@tokenex.com.