How secure is tokenisation?

Tokenisation is expected to be one of the next big things in payment technology. Credit card numbers and expiry dates are substituted by a unique 16-digit number, called a token.

A growing number of retailers in the US are already using tokenisation technology. In July, Apple launched their contactless payment system in the UK, which uses tokenisation technology. Indue is collaborating with Visa to roll out tokenisation in Australia.

Tokenisation is becoming more popular, as companies work out how best to use the technology. But how secure is tokenisation? Let’s look at both sides of the debate.

Advantages of tokenisation

Tokenisation is easy to use. There’s no need to manage encryption keys. Tokens are formatted in a similar way to card information, which means merchants do not need to make changes to their current payment systems.

Tokenisation can be applied to all types of sensitive data, not just credit and debit card numbers. There are a multitude of business benefits that come from tokenisation.

But in order to implement tokenisation successfully, companies must identify the specific data to encrypt. Although this requires intimate knowledge of the data profiles, tokenisation gives businesses greater flexibility in selecting, and limiting the data that needs to be protected.

Tokenisation eliminates the need for sensitive payment card data to be stored within your business environment, meaning it can make a positive impact on cybercrime. In particular, tokenisation protects card data from being stolen from merchants.

Concerns with tokenisation

There are some limitations to tokenisation technology. Tokenisation substitutes surrogate data (the token), replacing the data needing protection. Multiple methods exist for generating tokens and protecting the overall system.

Tokenisation systems themselves can become attractive targets for fraud. Access to tokenisation systems require real-time access. This, by its nature, raises concerns about security, because tokenisation systems are stored within the cloud or on a central system. The original payment card data stored can still be a target for criminals.

To ensure tokenisation transactions are truly secure, common systems and infrastructure must be built to support the technology.

The verdict

The benefits of tokenisation far outweigh the barriers to adoption. As new payment technologies are emerging to protect customer’s financial information, financial institutions and retailers need to be wary that not all systems are created equal.

Tokenisation cannot be used in isolation. It needs to be implemented properly for it to be secure. We recommend evaluating products carefully to determine the best fit for your business and payments models.

As technology and customer habits evolve, tokenisation is expected to be compatible with future payment methods. Criminals are always going to try and find a way to corrupt secure payment systems. But those players implementing tokenisation will be on the front foot, ready for the opportunities and challenges that the future of payment technology brings.

To find out more about tokenisation and how the technology can work for your business, click here to contact a member of our expert team.

Share this article:<br>Share on LinkedIn
Tweet about this on Twitter