Tokenize PCI Data to Reduce Risk
The EncryptRIGHT® product suite includes an optional tokenization software module that reduces the scope and cost of a PCI audit. Tokenization is an increasingly popular choice for data security because it not only reduces risk of data exposure, but it simplifies security. By substituting a real value with a random token, you completely remove the threat of data theft from your information processing systems.
But tokenization's real allure is that it saves you money, said Adrian Lane, a PCI tokenization expert with Securosis, an information security research and advisory firm.
"Hackers can't steal what's not there," Lane said. "Tokenization is great for payment data security because you remove credit card numbers in tokenized systems, thus reduce the scope of a PCI audit, which helps reduce compliance costs."
EncryptRIGHT follows industry best practices for token generation and secure storage. It supports two methods of token generation: random tokenization and tokenization by encryption. Token generation uses a FIPS 140-2 compliant random number generator. Tokenization by encryption uses EncryptRIGHT's key management software and encryption to generate tokens.
The EncryptRIGHT tokenization module can create tokens that have the same format and data type as the original values, so you don't need to change your applications or databases to support tokenized values.
EncryptRIGHT tokenization software can be used for all types of processing, and is suitable for a wide range of personally identifiable information (PII) such as social security numbers, passport numbers and health records. Here are some of the common reasons why PII and credit card tokenization is a popular choice:
PCI compliance. For merchants around the world, substituting tokens for credit cards meets compliance requirements and reduces threat of data breach.
No impact on your existing systems. Tokens have the same format and data type as the original values, so you don't need to change your applications or databases to support tokenized values.
Reduced audit costs. By removing sensitive information from data processing systems, security audits are simpler, smaller in scope, easier to perform and cost less.
Tokenization is easily added to existing EncryptRIGHT deployments, supported by our secure token database. Enterprise customers can use a JDBC driver to integrate with existing Oracle and Microsoft SQL Server databases. In either case, tokenization is fully integrated with encryption, key management and logging features.