Tokenization: Today's Challenge

While encryption transforms data using a specific algorithm, data tokenization substitutes surrogate data (the token) to replace the data that needs protection

Einen Spezialisten kontaktieren Chatten Sie mit uns

Tokenization

Multiple methods exist for generating tokens and protecting the overall system; but in contrast to encryption, no formal data tokenization standards exist. One common approach is to deploy a centralized data tokenization service that generates tokens, performs the substitution, and stores the token and corresponding original data, allowing it to de-tokenize (substitute the original value for the token) when an application needs to use the original data. Alternative approaches avoid the need for a central data tokenization service and repository by utilizing secret, pre-generated look-up tables that are shared with applications.

Learn how tokenization can be a valuable tool to aid
in securing your digital transformation.

Watch webcast; Tokenization:
Ready for prime time

Challenges
Solutions
Benefits
Related Resources

Protecting Keys

The tokenization process helps to reduce the scope of compliance audits because customer credit card numbers, for example, are exchanged for tokens as soon as they are captured at a point-of-sale terminal, after which that data is no longer in compliance scope because the data no longer contains actual credit card numbers. With credit card tokenization, PCI data remains in tokenized form by default, so any system that cannot access the de-tokenization service has the potential to be out of scope. For organizations to take advantage of the potential to reduce scope, they need to follow the guidelines issued by the PCI Council regarding the deployment of tokenization.

Maintaining Data Format

Tokenization is commonly employed by applications that require the protection of tightly formatted data. For these types of applications, a substitutional approach such as tokenization is a natural fit.

Regulatory Compliance

The PCI tokenization process helps to reduce the scope of compliance audits because customer credit card numbers, for example, are exchanged for tokens as soon as they are captured at a point-of-sale terminal, after which that data is no longer in compliance scope because the data no longer contains actual credit card numbers. Data remains in tokenized form by default, so any system that cannot access the de-tokenization service has the potential to be out of scope. For organizations to take advantage of the potential to reduce scope, they need to follow the guidelines issued by the PCI Council regarding the deployment of tokenization.

Delivering Data Protection

Products and services from Thales eSecurity can help enable effective, high assurance PCI tokenization solutions to protect customer information, reduce scope of regulatory compliance, and contain cost.

Thales Vormetric Vaultless Tokenization with Dynamic Data Masking helps organizations address security and compliance objectives with minimal disruption and administrative overhead.

Thales Vormetric Vaultless Tokenization with Dynamic Data Masking tokenizes sensitive PCI data such as primary account numbers and remove them from the cardholder data environments that encompasses the PCI DSS audit scope.

Reduce Scope of Compliance

Deploy high assurance PCI tokenization solutions to protect account data and reduce compliance costs. Utilize industry best practices recommended by auditors and PCI DSS guidelines to protect the integrity of tokenization systems.

White Paper : The Power of Tokenization for Protecting Sensitive Data

Protecting sensitive data is a challenge. And, the historic digital transformation has made this challenge even greater by the exponential increase in data.

Download

Data Sheet : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management.

Download

White Paper : Vormetric Tokenization with Dynamic Data Masking

For too many IT organizations, complying with the Payment Card Industry Data Security Standard (PCI DSS) and corporate security policies has been far too costly, complex, and time consuming. Now, Thales eSecurity offers a better way. Vormetric Tokenization with Dynamic Data Masking helps your security team address its compliance objectives while gaining breakthroughs in operational efficiency.

Download

White Paper : Fortrex: Evaluation of the Thales eSecurity token server

Fortrex Qualified Security Assessor (QSA) evaluated the Thales eSecurity Token Server, and determined when properly implemented and configured within a secured cardholder environment, it can reduce the scope of the systems included in the scope of a PCI DSS assessment. They also qualified that the solution can be leveraged to tokenize other sensitive data within a corporate environment. Fortrex detailed their evaluation process in their white paper, Evaluation of the Thales eSecurity Token Server.

Download

White Paper : How Format-preserving encryption tokenization addresses PCI DSS

Fortrex Qualified Security Assessors (QSA) have authored this important white paper to help clarify the PCI DSS position on when and how to use Cryptographic Tokens, Tokens created using Format Preserving Encryption (FPE).

Download

Thales eSecurity ist unser Standard. Wenn eine Verschlüsselungslösung benötigt wird, lautet die Antwort immer: Wir setzen auf Thales eSecurity. Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company

Meine Bedenken bei der Verschlüsselung bezogen sich auf den Mehraufwand für die Benutzer- und Anwendungsperformance. Mit Thales eSecurity merken die Mitarbeiter nicht einmal, dass es überhaupt läuft. Karl MudraCIO
Delta Dental of Missouri