Tokenization is the practice of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. Tokens are typically created and stored in place of cardholder data. This process does not alter the type or length of data that the enterprise stores; it only masks the data with meaningless tokens.
In contrast to tokenization, encryption is a method of protecting data from being understood if it is stolen or intercepted by encrypting the information so that only authorized parties can read it. Encryption analyzes data for information and instructions on how to convert the original readable form into encoded format (called cipher) that is secret.
The difference between tokenization and encryption can be illustrated through an example. In a tokenization scenario, if a credit card number were replaced with the 16-digit token “4111111111XXXXXX”, this would mean that data stored internally would not represent a real credit card number – therefore making it more difficult to use/steal/obtain.
In an encryption scenario, if a credit card number were encrypted with AES 256-bit encryption and the key were stored separately from the data, only an authorized party who had both access to the key and knowledge of how to decrypt would be able to read it. This process also removes all extrinsic value from the data.
Below is a table that highlights the difference between tokenization and encryption:
Tokenization Encryption Definition The practice of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The method of protecting data from being understood if it is stolen or intercepted by encrypting the information so that only authorized parties can read it. When used in reference to payment processing, tokenization most often refers to situations where a token (virtual account number) is used instead of your Primary Account Number (PAN). In this case, no sensitive PAN data ever needs to touch your merchant environment – or be visible in your logs – helping to prevent a data breach.
Typically, the token replaces only a PAN within a transaction and does not replace other sensitive information such as an address or CVC code. The payment card number is replaced with another number – called a “token” – which may have no relationship to the original number. An encryption algorithm is applied to the original data to create cipher text, which can then be safely stored. The same algorithm is used on the corresponding decryption key to recover the original value when needed.
This method is effective in masking or displaying data so that it cannot or appears not to be readily used for fraud schemes. Since tokens are meaningless outside of the systems they were created, a tokenization system must have a way to track the relationship between incoming tokens and their associated data so that any data can be linked back to a given entry in a master repository. In most cases this is done by using an encryption key as the link between the two.
A downside is that if they are compromised, it is possible for those responsible to identify all the transactions that were sent from each token. This is because a given token can only be used once – and there typically is no mechanism for it to expire or be revoked. The payment card number is replaced with another number – called a “token” – which may have no relationship to the original number. An encryption algorithm is applied to the original data so that it appears not to be readily used for fraud schemes.
The algorithm is only able to be reversed by an authorized party who has both access to the key and knowledge of how to decrypt it. This method is effective in masking or displaying data so that it cannot or appears not to be readily used for fraud schemes. Since tokens are meaningless outside of the systems they were created, a tokenization system must have a way to track the relationship between incoming tokens and their associated data so that any data can be linked back to a given entry in a master repository.
In most cases this is done by using an encryption key as the link between the two. A downside is that if they are compromised, it is possible for those responsible to identify all the transactions that were sent from each token. This is because a given token can only be used once – and there typically is no mechanism for it to expire or be revoked.