The Process of Tokenization


Data security is paramount to many businesses, none more so than the credit card processing industry. Customers need to know that personal payment information is secure at the time of transaction and merchants need to make sure the data stays secure. Host Merchant Services offers the most secure form of data storage for payment information, called tokenization. Tokenization is one of the many features of the HMS Express platform offered here at Host.

What is Tokenization?

Tokenization is the process of taking sensitive data as input such as credit or debit card numbers and returning a “token” that represents that sensitive data as output. The token is typically made up of upper- and lower-case alphabetic, numeric and special characters depending on the algorithm used to encrypt the data, and it typically has no relationship with the sensitive information it replaces. The provider stores the encrypted data in a PCI compliant and secure database “in the cloud”. The merchant stores the token which is a unique pointer to that data, but has no means to decrypt the data. So a card can be stored securely and referred to for processing a transaction, but the data cannot be stolen or decrypted with only the token.  If tokens are stolen by a hacker, they are useless because they do not contain any cardholder data. The concept behind tokenization is remarkably simple: Data thieves can’t steal what isn’t there.

Payment Processing Applications

In credit card processing, information can be tokenized when a card is swiped at the merchant’s point of sale (POS) system or when payment details are entered into a virtual terminal. Once a system has the cardholder data, it is passed to the credit card networks for authorization. After being authorized, a token is randomly generated that is passed back to the merchant, and stored in place of the customers credit card numbers. This process increases a merchants base level of security, and can help them avoid costly data breaches.

Benefits of Tokenization

Tokenization is useful for merchants who need access to sensitive information, but do not want to store that sensitive information themselves. The process allows the data to be stored by the PCI-DSS certified merchant gateway provider as opposed to being stored by the merchant. One feature that tokenization can provide is the ability to process recurring transactions without the risk of storing card numbers locally. On a recurring transaction, the merchant passes the token back to the processor and the processor then looks up the token and generates a transaction based on the cardholder data associated with that token.

This process benefits many different industries such as web hosting companies or fitness centers who bill customers a set amount each month, and want to avoid the risk of storing large amounts of payment information. Some other features of tokenization include the ability to analyze card usage and generate unique token values for each customer. This allows for useful features such as fraud protection and loyalty programs.

In Conclusion

The process provides undecipherable, unique tokens for each transaction. Merchants store the token, not the card number and the tokens can be used for future transactions as well as returns or refunds. The system allows merchants to reduce their scope of PCI Compliance, and lessens the burden of transmitting, processing and storing payment data. Host Merchant Services can seamlessly integrate our payment gateway and it’s many features with any software, giving merchants the ability to outsource their payment acceptance and the associated risk.  To find out what tokenization can do for your business, contact us now. For more on tokenization, download Visa’s best practices guide, and check out Host Merchant Service’s PCI Compliance Initiative for more on security.

Save Time, Money, & Resources

Categories: eCommerce

Get Started

Ready for the ultimate credit card processing experience? Fill out this form!

Contact HMS

Ready for the ultimate credit card processing experience? Ask us your questions here.