What is tokenization?

Recently, MasterCard and Visa adopted a new security platform called tokenization, which is being touted as being able to stop credit card fraud. But, what is it and how does it work?

According to Bankrate, tokenization is a process by which credit card numbers are replaced with a randomly generated string of alphanumeric characters, called tokens, to protect against data theft during a transaction. As only the token, not the actually account number, passes through the payment system, the only thing that is susceptible to theft is that token. In the system, the token is used to process the payment but, outside the system, it is meaningless if stolen.

The process is similar to EMV, or embedded chip, cards. Card information that is stored on the chip is encrypted, offering two forms of protection. The first is against physical theft, as EMV cards cannot be cloned i the same way that magnetic strip cards can due to the encryption. The second, which is similar to tokens, is that only the encrypted data is sent to payment processors, not actual account information. 

That also exemplifies the key difference between the two technologies: while EMV is better for transaction with a physical card, tokenization offers similar security for card-not present transactions. 

Things like smart cards and mobile payment apps are where tokenization use will be critical. Google's new Android Pay app uses token and there is growing pressure for Apple to adopt the technology as well (They currently use a similar, proprietary standard).

"If the security, telecom and financial services industries get it right, customers will increasingly trust new mobile payment models," Malte Pollmann, CEO of security hardware manufacturer Utimaco told Bankrate. 

Tokenization is relatively new and far from a universally accepted standard, like EMV, but it signifies the growing concern for credit card security and the need for new solutions. 

