Tokenization


Comply with PCI DSS

Tokenization is another type of data masking operation specified by the payment card industry (PCI) to be used in lieu of, or in conjunction with, Primary Account Number (PAN) encryption.

 

What is the difference between Tokenization and Encryption?

"A token is like a hyperlink to where the data is stored - no matter what you do with the token, you don't get data out of the token by itself. Tokens may have a context associated with them - so a unique version of my credit card number may be created only for use at Amazon.com without any fear that it could be used elsewhere. Likewise a different token might point to my credit card number for use on eBay.

Encryption is where the data is protected but the data is contained within - to the hacker it is clear that if they break the encryption scheme, they will find the data within."

The Swamy, Pymnts.com

IRI can provide a PCI-compliant field value tokenization function for FieldShield or CoSort SortCL users in the IRI Data Protector or IRI Data Manager Suite.

 

The logic flow is:

Authorized users can tokenize credit card values, which may first be treated with a Format-Preserving Encryption (FPE) function, and possibly de-tokenize them later.
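
The vault model described in the quote above, as an added example that is not IRI's tokenization function or code from this page: a random, context-bound token that yields the PAN only through an authorized vault lookup. The in-memory vault, the `authorized` flag, the merchant names and the rejection of Luhn-valid tokens are assumptions made for illustration.

```python
import secrets

def luhn_valid(number: str) -> bool:
    """Luhn checksum used by real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for a hardened, access-controlled token vault."""

    def __init__(self):
        self._by_token = {}  # token -> (context, pan)
        self._by_pan = {}    # (context, pan) -> token

    def tokenize(self, pan: str, context: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        key = (context, pan)
        if key in self._by_pan:  # same card, same context: same token
            return self._by_pan[key]
        while True:
            # Random digits: nothing about the PAN can be computed from the token.
            token = "".join(secrets.choice("0123456789") for _ in pan)
            # Reject collisions and Luhn-valid values so a token never looks like a live PAN.
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token] = key
        self._by_pan[key] = token
        return token

    def detokenize(self, token: str, context: str, authorized: bool = False) -> str:
        if not authorized:  # placeholder for a real authorization check
            raise PermissionError("caller may not de-tokenize")
        entry = self._by_token.get(token)
        if entry is None or entry[0] != context:
            raise KeyError("token is not valid in this context")
        return entry[1]

if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample: a well-known test number
    for merchant in ("merchant-a", "merchant-b"):  # hypothetical contexts
        tok = vault.tokenize(pan, merchant)
        print(merchant, tok, vault.detokenize(tok, merchant, authorized=True))
```

Unlike ciphertext, a token taken from one merchant's system reveals nothing without the vault, and it does not resolve under any other merchant's context.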

 

Modify and secure the function itself with the help of IRI Professional Services to comply with the PCI Data Security Standard (DSS). See this blog article for more details on IRI's current tokenization capability.