Comply with PCI DSS
"A token is like a hyperlink to where the data is stored - no matter what you do with the token, you don't get data out of the token by itself. Tokens may have a context associated with them - so a unique version of my credit card number may be created only for use at Amazon.com without any fear that it could be used elsewhere. Likewise a different token might point to my credit card number for use on eBay.
Encryption is where the data is protected but the data is contained within - to the hacker it is clear that if they break the encryption scheme, they will find the data within."
The Swamy, Pymnts.com
Authorized users can tokenize credit card values that may also be treated with a Format-Preserving Encryption (FPE) function first, and possibly de-tokenized later.
Modify and secure the function itself with the help of IRI Professional Services to comply with the PCI Data Security Standard (DSS). See this blog article for more details on IRI's current tokenization capability.