XiSecure

The XiSecure On-Demand service provides the ability to use a token in place of a credit card number throughout a merchant's system to provide another layer of security and support compliance with the Payment Card Industry - Data Security Standards (PCI-DSS).

Tokenization

Tokenization is:

  • An alternative to encryption.

  • A technology that eliminates storage of sensitive information in enterprise systems and application databases.

  • A way to replace sensitive information/PII with a unique “token” or surrogate that retains the original data format or takes on a new format.

  • A way to use tokens just like the original data without the risk of exposing its inherent value.

Tokenization is the process of replacing a sensitive piece of data (such as the cardholder’s raw card number) with a value (a token) that is not a hash or encrypted form of that sensitive piece of data.

The original data is encrypted and stored in a secured vault (XiSecure On-Demand vault) on a different system, outside the company’s environment, and the token is a pointer to that encrypted data within the vault.

The raw card number is replaced by a token, which is a random string that is not an encrypted or hashed version of the card (for example, if the raw card number is 4444333322221111, the token may be -E803-1111-B121000989123Z). This token is sent back to the requesting system to be used instead of the raw card number when a call is made requesting authorizations or settlements for that card.

The token is a multi-use token in that it can be used instead of the raw card for the life of the card as long as it is used from a merchant system integrated with the tokenization solution. The On-Demand solution employs system authentication via client certificates to validate the requesting system.
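The vault model described above, as an added sketch that is not XiSecure code: a random token acts as a pointer to the stored card number, the same card always yields the same token, and only authenticated systems may call the vault. The `TokenVault` class, the `TOK-` token layout and the certificate fingerprint strings are assumptions for illustration; encryption of the stored card number is omitted so the example stays within the standard library.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a remote token vault (hypothetical class)."""

    def __init__(self, trusted_fingerprints):
        # Fingerprints of client certificates allowed to call the vault.
        self._trusted = set(trusted_fingerprints)
        self._index_key = secrets.token_bytes(32)  # keys the card lookup index
        self._by_card = {}   # HMAC(card number) -> token, for multi-use lookup
        self._by_token = {}  # token -> card number (a real vault holds ciphertext)

    def _require_trusted(self, fingerprint):
        if fingerprint not in self._trusted:
            raise PermissionError("requesting system is not authenticated")

    def tokenize(self, fingerprint, pan):
        self._require_trusted(fingerprint)
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        idx = hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()
        if idx in self._by_card:  # multi-use: same card, same token
            return self._by_card[idx]
        while True:
            # Drawn from the OS random source, never computed from the card
            # number, so the token is neither a hash nor a ciphertext of it.
            token = "TOK-" + secrets.token_hex(12).upper()
            if token not in self._by_token:
                break
        self._by_card[idx] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, fingerprint, token):
        self._require_trusted(fingerprint)
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault({"fp-merchant-erp"})  # constructed fingerprint
    card = "4444333322221111"                # card number from the text above
    print(vault.tokenize("fp-merchant-erp", card))
```

The merchant system keeps only the returned token; a stolen token is useless to a caller that cannot authenticate to the vault.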
