
Choosing Between Tokenization & End-to-End Encryption

Data security is a leading concern of every player in the payment card industry. Two emerging technologies, tokenization and end-to-end encryption, are now being eyed to improve data security across the industry.

A study recently carried out by PriceWaterhouseCoopers (PwC) on behalf of the Payment Card Industry Security Standards Council shows that these two emerging technologies are top choices for firms like eMerchantBroker that seek to offer their customers chargeback protection and other payment card data security. However, the two approaches have their share of shortfalls, and industry experts are divided between them. Both tokenization and end-to-end encryption have their proponents. This raises the question: which of the two really promises better security?

Tokenization

This is a data security approach that replaces a sensitive data element with a non-sensitive equivalent called a token. The token that replaces the sensitive card data generally has no exploitable or extrinsic meaning or value. It is just a unique identifier that stands in for the critical data without compromising its security.

End-to-End Encryption

This is a system of communication in which messages are encoded so that only the communicating users can decode the contents. In the card data security context, end-to-end encryption is encryption of the data field: continuous protection of the integrity and confidentiality of transmitted data by encrypting it at its source and then decrypting it at the destination.

This encryption enables data to travel safely to its recipient through vulnerable channels. At the destination, the data can safely be decrypted. A virtual private network (VPN) for instance uses this form of encryption.

Which is better?

The question is not which of the two is better. Rather, the better question is: which approach, tokenization or end-to-end encryption, best fits your organization’s existing security architecture? The nature of the protection required plays a major role here. If you are a small organization, tokenization will be sufficient. But if you are a big corporation, tokenization may not address all your data in use. As such, you may want to consider an end-to-end encryption approach.

With these considerations in mind, making a selection between the two card data security approaches should be a mere walk in the park.