tokenization

In a credit card transaction, a token typically contains only the last four digits of the card number. The rest of the token consists of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction underway. When an authorization request is made to verify the legitimacy of the transaction, the actual card number is used only in the initial request. The token is returned to the requester instead of the card number along with approval or rejection of the transaction. The token is stored in the point-of-sale (POS) system but the credit-card number is not.

Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks. Tokenization improves on encryption technology by keeping sensitive information out of the data stream. With the proliferation of identity theft and the consequent increased risk of ruinous civil and criminal proceedings, many corporations are turning to tokenization to minimize exposure and cost while maximizing their own security and that of their customers.

Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Learn More About IT:
Joel Dubin explains the compliance benefits of tokenization.
Dr. Heather Mark describes the rationale behind Shift4's tokenization technology and outlines how it works.
Steve Sommers discusses the benefits of tokenization technology.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Security Token and Smart Card Technology,   Enterprise Identity and Access Management,   User Authentication Services,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Risk management must include physical-logical security convergence If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step. RSA researcher Ari Juels: RFID tags may be easily hacked SearchSecurity.com caught up with Dr. Ari Juels and asked the well-known cryptographer about RFID security, cloud storage innovations and his new... Portable security storage device could replace OTP devices A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) An authentication server is an application that facilitates authentication of an entity that attempts to access a network...(Continued) Chameleon Card  (SearchSecurity.com)