

Encryption and Tokenization

August 24, 2011

Encryption versus Tokenization

Merriam-Webster's dictionary defines "entropy" as "the degree of disorder or uncertainty in a system". Computer hackers, identity thieves and others thrive on such disorder. To combat the exploitation of uncertainty in the transmission and storage of data such as credit card information or medical history, IT professionals are constantly striving to create more secure methods. Two clear winners are emerging: E2EE and tokenization.

End-to-end encryption (E2EE) encrypts data at the source (such as a credit card terminal) with knowledge of the intended recipient. The encrypted data can then travel safely through vulnerable channels (e.g., the internet) to its recipient, where it can be decrypted (assuming the recipient has a key to make sense of the encrypted data). For example, your primary care physician is in New York City (NYC) and you are required to see a specialist in Boston. The specialist needs certain sensitive information from the NYC doctor's office. Using E2EE, the NYC doctor's office could send seemingly nonsensical data to the specialist in Boston. For example, the doctor in NYC could send a data file to Boston that contained the following message: 10_15_8_14-19_13_9_20_8 = @***. In this example, each number corresponds to a letter's position in the English alphabet, @ means allergic and *** means penicillin. This would tell the specialist in Boston that John Smith is allergic to penicillin.

With tokenization, the sensitive data is stored locally or by a third-party service provider. Only those with a token can access the data, and tokens are user specific (our specialist in Boston would have access to info regarding John Smith, not everyone that goes to the NYC doctor's office). This method was developed in 2005 and has gained popularity because only the sensitive information in a given data set is tokenized. For example, consider an online retailer that needs to store cardholder data because it operates with a recurring billing model (i.e., its customers are billed repeatedly on a set timetable for continued access to goods/services). Tokenization would let the retailer leave benign information (cardholder name) alone while keeping the sensitive data (credit card numbers) secured.
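The recurring-billing case above, as an added Python example that is not code from this article or from any vendor it names. TokenVault, protect_record and the merchant ids are hypothetical names, an in-memory dict stands in for the local or third-party store, and "user specific" is modeled, as an assumption, by binding each token to the party it was issued to.

```python
import secrets

def clean(pan):
    """Strip the spaces and dashes people type into card numbers."""
    return pan.replace(" ", "").replace("-", "")

def luhn_ok(digits):
    """Checksum used by payment card numbers; rejects most typos before storage."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory stand-in for the store that holds the real card numbers."""
    def __init__(self):
        self._store = {}                     # token -> (card number, party it was issued to)

    def tokenize(self, pan, issued_to):
        digits = clean(pan)
        if not (digits.isascii() and digits.isdigit()
                and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_urlsafe(16)   # random: not derived from the card number
        self._store[token] = (digits, issued_to)
        return token

    def detokenize(self, token, requester):
        entry = self._store.get(token)
        if entry is None or entry[1] != requester:   # one error for both cases
            raise PermissionError("unknown token or requester not entitled to it")
        return entry[0]

def protect_record(vault, record, merchant_id):
    """Copy of a billing record that is safe to keep in the merchant database."""
    safe = {k: v for k, v in record.items() if k != "card_number"}
    safe["card_token"] = vault.tokenize(record["card_number"], merchant_id)
    safe["last4"] = clean(record["card_number"])[-4:]
    return safe

if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample: a widely used test card number, not a real account.
    customer = {"name": "John Smith", "card_number": "4111 1111 1111 1111", "plan": "monthly"}
    stored = protect_record(vault, customer, "merchant-42")
    print(stored)                                    # name kept, card number replaced by a token
    print(vault.detokenize(stored["card_token"], "merchant-42"))
```

Because the token is random rather than computed from the card number, a stolen merchant database yields nothing that can be reversed; the vault is the only place the mapping exists.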

Rather than choosing one over the other, IT departments should be seeking a layered approach. There are a few options already available for payment processing, such as MagTek's MagneSafe program, which provides E2EE at the card reader along with tokenization formatting capabilities. Premier Payment Services' (PPS) Three Step Redirect API allows e-commerce merchants to process transactions without ever transmitting or storing sensitive cardholder data. These two programs take a shot at entropy, putting a bit more order into otherwise disappointing security networks.

Want more info on Encryption and Tokenization?

Contact Premier Payment Services today at 800.573.6268 and ask to speak to a Merchant Account Specialist, or send an e-mail to sales@ppsbankcard.com.

