tokenization

In a credit card transaction, a token typically contains only the last four digits of the card number. The rest of the token consists of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction underway. When an authorization request is made to verify the legitimacy of the transaction, the actual card number is used only in the initial request. The token is returned to the requester instead of the card number along with approval or rejection of the transaction. The token is stored in the point-of-sale (POS) system but the credit-card number is not.

Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks. Tokenization improves on encryption technology by keeping sensitive information out of the data stream. With the proliferation of identity theft and the consequent increased risk of ruinous civil and criminal proceedings, many corporations are turning to tokenization to minimize exposure and cost while maximizing their own security and that of their customers.

Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Learn More About IT:
Joel Dubin explains the compliance benefits of tokenization.
Dr. Heather Mark describes the rationale behind Shift4's tokenization technology and outlines how it works.
Steve Sommers discusses the benefits of tokenization technology.

Learn more about Security Token and Smart Card Technology

	Identity and Access Management Services, Systems and Technologies: This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan.
Exploring authentication methods: How to develop secure systems: Discover authentication options and learn how to implement, maintain and secure methods of authentication, such as biometrics and smartcards to avoid breaches and protect data.
Quiz: Next-generation authentication: A five-question quiz to test your knowledge of the content presented by expert Mark Diodati in this lesson of SearchSecurity.com's Identity and Access Management Security School.
	Future authentication technologies: How to choose the right product: In this Identity and Access Management Security School lesson, Burton Group's Mark Diodati explores innovative and cost-effective user-based authentication technologies.
Spy vs. Spy: Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day.
Lesson/Domain 2 -- Security School: Training for CISSP Certification: SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge."
Authenticating users: User authentication is critcal to ensure proper authorization and access to systems and services. Peruse these resources on two-factor and Web services authentication, and more.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT First Data, RSA push tokenization for payment processing The encryption-token service could compete against vendors offering format preserving encryption to secure payment transactions. How to log in to multiple servers with federated single sign-on (SSO) Single sign-on is a rapidly evolving technology that, when partnered with federation tools, can offer a greater and greater level of granularity for... Best Authentication Products Readers vote on the best digital identity verification products, services, and management systems, including PKI, hardware and software tokens, smart...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) An authentication server is an application that facilitates authentication of an entity that attempts to access a network...(Continued) Chameleon Card  (SearchSecurity.com)