Securing sensitive data is one of the most critical things you can do in today’s modern age of online transactions and digital data storage. It’s amazing the number of security breaches that happen, even with well-known and respected Fortune 500 companies. Having your sensitive data hacked and stolen can lead to massive penalties and fines, not to mention the loss of trust from your customers. Losing your customers’ trust correlates directly with lost revenue.

Although nobody is immune to rogue data breaches, when looking at solution providers to trust with your critical and sensitive business data, be sure you understand how they secure your data.

Encryption vs. Tokenization

Both encryption and tokenization are used to protect sensitive cloud data (particularly payment data) but they differ in how each function. Encryption essentially replaces data with a “scrambled” or unreadable value that can only be read by an authorized entity that has the same encryption keys that were originally used to create the value. The main problem with this method is that hackers are continuously exploiting encryption by using powerful computers and clever software to decrypt it.  Encryption’s inherent weakness is that it can be reverse engineered back to the original data.

Tokenization, on the other hand, adds an extra layer of security. It basically takes those same encrypted values, but “tokenizes” them (i.e. converts the data into a mathematically unrelated value) and stores these “tokens” in a secure data vault. The token is then sent back to the merchant to use for future transactions.

Advantages of Tokenization

Having a tokenization solution versus using encryption alone has multiple advantages.

  1. The credit or debit card number is never accepted by the merchant in an unencrypted state.
  2. No version of the card number is stored or transmitted by the merchant, only the token that represents it.
  3. Tokens stolen by hackers due to a data breach are completely useless because they cannot be reverse-engineered back to the original card number.
  4. The keys to tokenization are stored in a secure cloud vault, unreachable by hackers.

Protect Your Customer’s Data

In order to protect your customers’ data and to be fully PCI Compliant, make sure your merchant software provider is using both encryption and tokenization, as encryption alone is not sufficient.

Xennsoft employs the latest encryption and tokenization technology when it comes to the handling of sensitive data. Feel free to reach out to one of our security experts on how to ensure your data remains secure, even in the event of a breach.