Encryption is the best known way of protecting sensitive customer data, but a new method is creeping into retailers’ consciousness. The idea of “tokenisation” is that a fake credit card number (a token) is issued every time an online transaction occurs or every time a new customer buys something online.

The authorisation process for credit cards happens as normal, but instead of keeping credit card details on file, each customer is assigned a unique token number. The idea is that the retailer can still identify the customer and run business analytics on the data, but doesn’t hold any data that is valuable to cyber-criminals.

Not only would this make any breach of security less harmful, it would mean the retailer becomes less of a target for attack because it will become known that it holds no valuable credit card data on its systems. The real data will be held on the systems of the retailer’s supplier, and it would be down to the supplier to make sure it’s secure.

Things to talk about with a potential supplier would include whether or not legacy data systems could have their credit card numbers replaced with tokens, and whether there can be a process in place for when the retailer does need to access the real data. Many retailers also hold data in a variety of places, so a number of databases will need to be converted.
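The split described above, as an added sketch that is not taken from the article or from any supplier's product: a supplier-side vault holds the real card numbers, while the retailer's converted legacy records and analytics use tokens only. The names `TokenVault`, `migrate_legacy`, `spend_per_token` and the caller labels are hypothetical, and the sketch assumes the one-token-per-card model; a production vault would also encrypt what it stores.

```python
import secrets
from collections import defaultdict

class TokenVault:
    """Hypothetical supplier-side vault: the only place real card numbers are held."""

    def __init__(self, authorised_callers):
        self._pan_by_token = {}
        self._token_by_pan = {}
        self._authorised = set(authorised_callers)

    def tokenise(self, pan):
        # One token per card, so the retailer can still recognise a returning customer.
        if pan not in self._token_by_pan:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the card number
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenise(self, token, caller):
        # The controlled process for the rare case where the real number is needed.
        if caller not in self._authorised:
            raise PermissionError(f"{caller} may not detokenise")
        return self._pan_by_token[token]

def migrate_legacy(rows, vault):
    """Return copies of legacy rows with card_number replaced by card_token."""
    migrated = []
    for row in rows:
        new_row = {k: v for k, v in row.items() if k != "card_number"}
        new_row["card_token"] = vault.tokenise(row["card_number"])
        migrated.append(new_row)
    return migrated

def spend_per_token(rows):
    """Analytics that run on the retailer's side using tokens only."""
    totals = defaultdict(int)
    for row in rows:
        totals[row["card_token"]] += row["amount_pence"]
    return dict(totals)

# Constructed sample data using well-known test card numbers, not real accounts.
LEGACY_ORDERS = [
    {"order": 1, "card_number": "4111111111111111", "amount_pence": 2500},
    {"order": 2, "card_number": "5555555555554444", "amount_pence": 1000},
    {"order": 3, "card_number": "4111111111111111", "amount_pence": 4000},
]

if __name__ == "__main__":
    vault = TokenVault(authorised_callers={"chargeback-team"})
    orders = migrate_legacy(LEGACY_ORDERS, vault)
    print(orders)
    print(spend_per_token(orders))
```

Each separate database that holds card numbers would be passed through the same vault, so a given card maps to the same token everywhere and records can still be joined across systems.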

Robert McMillion, director of solutions development at security supplier RSA, said at this year’s National Retail Federation conference that tokenisation reduces the work that needs to be done by retailers. But at the moment, suppliers are offering tokenisation as a premium service - so it will cost.