SecurityCents Blog

Insights on payment data security, payments news and trends

Tokenization in an Omni-Channel World


goldsilver-tokens-300x200The BIG Show, NRF in New York, is just a few days away and looking at the sessions, I see there will be plenty of talk about the “omni-channel” shopper and “tokenization” as a data security strategy. Retailers who are looking to enhance the security of their payment data while it moves though various card-present and card-not-present environments should know that not all tokens are created equal.

An effective token should address the following needs:

  • It should be usable in all systems where a Primary Account Number (PAN) is used today as an identifier. It should be seamless and not require rewriting of those systems.
  • It should protect the PAN and not be an encrypted form of the PAN.
  • It should be unique per card number to allow for analytics and reporting. This type of token is known as a card-based or “multi-use” token.
  • It should transcend any single sales channel, but be unique across a single enterprise. This provides additional protection in that the use of the token is limited to that enterprise, further reducing its potential value to thieves.
  • When needed, it should be possible to retrieve the original PAN from a token under highly controlled and defined scenarios.

Recent studies reveal that the majority of consumers shop cross-channel, within the same buying cycle. They may see something in a window, research it online, stop at the store to look at it, and finally buy it online. In order to best serve that customer, today’s merchants need systems and tools that provide the consumer with the same experience and options across all of its sales channels. Many tokenization systems today are unique to a particular sales channel. This can be because they are processor-based, or developed internally by a group responsible for only a single channel. Quite often merchants utilize different processors for their e-commerce and their brick and mortar transactions. Ideally though, your tokenization system accommodates ALL channels and scenarios.

Stop by our booth at NRF and ask our tokenization experts how our multi-use tokens can help your organization secure payment data, reduce PCI scope, track customer behavior and ensure a consistent experience across channels. .