By Dane Ashworth
Credit card tokenization has been around for several years but few companies have implemented or understand how the process works. Credit cards that are processed natively within your software systems typically write the credit card information into their database and then send it out for approval through the payment gateway. The credit card number is typically encrypted since it is stored in your database. Encryption solves the problem of a hacker stealing a copy of your database, backup file or tape and consequently gaining access to the raw credit card information. However it doesn’t solve the issue of a malicious employee who has access to the credit card data as a part of their day-to-day job duties. Users need access to the credit card information on file in an unencrypted format in order to pass the number up to the payment gateway for approval.
Credit card tokenization involves a slightly different process. When credit card tokenization is implemented, the credit card information is immediately sent via encrypted communication to the payment gateway without writing the information to the local database. The payment gateway stores the credit card information in its own credit card vault and returns a token to the software system as a reference. The software will then use this token to make future credit card charges and may also store the token for long-term use.
Credit card tokens are safer than regular credit card numbers because the token is unique to that specific gateway and merchant account. Any fraudulent use of the credit card by an employee via the token would immediately point to the source of the fraud. Tokens also typically have a very short lifespan and are usually renewed with each use of the card. The credit card tokens are also of no value to a hacker because they must be processed using the same merchant account in order to charge the card.
TimeShareWare’s SecurePay application uses tokenization which is PCI compliant and is PA-DSS certified. Contact TimeShareWare to see how SecurePay can increase the security of your credit card information and help safeguard your customers.