Tokenization: Today's Challenge

While encryption transforms data using a specific algorithm, tokenization substitutes surrogate data (the token) to replace the data that needs protection.

Einen Spezialisten kontaktieren Chatten Sie mit uns

Tokenization

Multiple methods exist for generating tokens and protecting the overall system; but in contrast to encryption, no formal tokenization standards exist. One common approach is to deploy a centralized tokenization service that generates tokens, performs the substitution, and stores the token and corresponding original data, allowing it to de-tokenize (substitute the original value for the token) when an application needs to use the original data. Alternative approaches avoid the need for a central token service and repository by utilizing secret, pre-generated look-up tables that are shared with applications.

Challenges
Solutions
Benefits
Related Resources

Protecting Keys

The tokenization process helps to reduce the scope of compliance audits because customer credit card numbers, for example, are exchanged for tokens as soon as they are captured at a point-of-sale terminal, after which that data is no longer in compliance scope because the data no longer contains actual credit card numbers. With credit card tokenization, data remains in tokenized form by default, so any system that cannot access the de-tokenization service has the potential to be out of scope. For organizations to take advantage of the potential to reduce scope, they need to follow the guidelines issued by the PCI Council regarding the deployment of tokenization.

Maintaining Data Format

Tokenization is commonly employed by applications that require the protection of tightly formatted data. For these types of applications, a substitutional approach such as tokenization is a natural fit.

Regulatory Compliance

The tokenization process helps to reduce the scope of compliance audits because customer credit card numbers, for example, are exchanged for tokens as soon as they are captured at a point-of-sale terminal, after which that data is no longer in compliance scope because the data no longer contains actual credit card numbers. Data remains in tokenized form by default, so any system that cannot access the de-tokenization service has the potential to be out of scope. For organizations to take advantage of the potential to reduce scope, they need to follow the guidelines issued by the PCI Council regarding the deployment of tokenization.

Delivering Data Protection

Products and services from Thales e-Security can help enable an effective, high assurance tokenization solutions to protect customer information, reduce scope of regulatory compliance, and contain cost.

Thales hardware security modules (HSMs) can play an important role in ensuring adequate levels of security, just as they do in encryption systems. Since tokenization systems depend on the use of cryptography, HSMs can protect token stores and the tokenization process, and increase the performance of token generation.

Thales Vormetric Vaultless Tokenization with Dynamic Data Masking helps organizations address security and compliance objectives with minimal disruption and administrative overhead.

Creating a Trusted Platform for Cryptographic Processing

nShield HSMs create a trusted environment where tokens can be generated, stored, and managed and tokenization/de-tokenization performed safely and securely. This trusted layer overcomes the fact that a purely software-based environment in which applications typically execute is not, in itself, sufficiently trusted to meet the needs of a tokenization system.

Thales Vormetric Vaultless Tokenization with Dynamic Data Masking tokenizes sensitive data such as primary account numbers and remove them from the cardholder data environments that encompasses the PCI DSS audit scope.

Enabling Fast Deployments and Seamless Integration

Whether you tokenize account data using your own in-house developed software, a third-party commercial tokenization product, or a shared service, nShield HSMs can play an important role. These devices are already certified to integrate with many leading tokenization products, assuring fast deployments and seamless integration with existing systems.

Reduce Scope of Compliance

Deploy high assurance tokenization solutions to protect account data and reduce compliance costs. Utilize industry best practices recommended by auditors and PCI DSS guidelines to protect the integrity of tokenization systems.

Accelerate Deployments

nShield HSMs are pre-qualified to integrate with products from leading vendors.

High Performance and Flexibility

Purpose-built cryptographic offload capabilities enable one to accelerate the generation of tokens, particularly in situations where token values are cryptographically related to the source data. Choice of performance ratings and HSM form factor enable one to deploy exactly what is needed with easy upgrades easily as needs change.

Solution Brief : Thales Prime Factors EncryptRIGHT

Download

Solution Brief : Thales Voltage Encryption

Thales and Voltage Security deliver a comprehensive solution that not only protects your most sensitive data end-to-end across your business workflow, but also securely manages the cryptographic keys that establish the foundation of trust in the system. Thales nShield HSMs integrate with Voltage SecureData to offer reductions in cost and time for privacy compliance. The combined capabilities provide comprehensive logical and physical protection that delivers a tangible and auditable method for enforcing security policies that underpin critical components of a data protection infrastructure.

Download

Solution Brief : Vormertic Data Security for PCI DSS 3.0 Compliance

Download

Video : Vormetric Tokenization with Dynamic Data Masking

In four minutes learn about the Vormetric Data Security Platform, how the Vormetric Tokenization product protects your sensitive data, removes it from PCI DSS scope, and how easy it is to configure.

Play

eBook : Thales e-Security Digital Digest On Data Security

In today’s competitive environment, enterprises earn their customers’ trust every day. Just one security incident can cause damage from which it will take years for your organization to recover.

Download

Data Sheet : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management.

Download

White Paper : Vormetric Tokenization with Dynamic Data Masking

For too many IT organizations, complying with the Payment Card Industry Data Security Standard (PCI DSS) and corporate security policies has been far too costly, complex, and time consuming. Now, Thales e-Security offers a better way. Vormetric Tokenization with Dynamic Data Masking helps your security team address its compliance objectives while gaining breakthroughs in operational efficiency.

Download

White Paper : Fortrex: Evaluation of the Thales e-Security Token Server

Fortrex Qualified Security Assessor (QSA) evaluated the Thales e-Security Token Server, and determined when properly implemented and configured within a secured cardholder environment, it can reduce the scope of the systems included in the scope of a PCI DSS assessment. They also qualified that the solution can be leveraged to tokenize other sensitive data within a corporate environment. Fortrex detailed their evaluation process in their white paper, Evaluation of the Thales e-Security Token Server.

Download

White Paper : How Format-Preserving Encryption Tokenization Addresses PCI DSS

Fortrex Qualified Security Assessors (QSA) have authored this important white paper to help clarify the PCI DSS position on when and how to use Cryptographic Tokens, Tokens created using Format Preserving Encryption (FPE).

Download

It’s very apparent that Vormetric is major steps in front of the competition. Sabastian High Senior manager for Product Development Standards and Innovation, McKesson, Inc.

Vormetric is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Vormetric. Damian McDonald Vice President of Global Information Security, Becton, Dickinson and Company

There is absolutely no noticeable impact on the performance or usability of applications. I am very excited at how easy the solution is to deploy and it has always performed flawlessly. Christian Muus Director of Security for Teleperformance EMEA

Implementing Vormetric has given our own clients an added level of confidence in the relationship they have with us; they know we’re serious about taking care of their data. Audley Dean senior director of Information Security,
BMC Software

Vormetric’s approach of coupling access control with encryption is a very powerful combination. We use it to demonstrate to clients our commitment to preserving the security and integrity of their test cases, data and designs. David Vargas Information Security Architect
Cadence Design Systems

My concern with encryption was the overhead on user and application performance. With Vormetric, people have no idea it’s even running. Karl Mudra CIO
Delta Dental of Missouri

The Vormetric solution not only solved all of our encryption needs but alleviated any fears of the complexity and overhead of managing the environment once it was in place. Joseph Johnson, chief information security officer CHS

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We… Joe Majka, Chief Security Officer

Thales provided the expertise needed to design and implement a tailored, secure VoIP solution. The Thales team helped us to develop and implement a process that protects our customers’ calls and our company from counterfeiting. Marek Dutkiewicz, Director of Product Management