DailyPost 1924
TOKENISATION
That the cyber security threats would decide the way the digital world will take and how much effort and pains organizations and governments will have to take to get over these challenges. The biggest threat is where the money is. The financial sector has been facing the music for quite some time. The claims and counterclaims to data leak pertaining to credit / debit cards has become a normal feature and so has the number of big and small frauds related to it. It seems to have become an acceptable reality, with no choice. Despite a variety of steps taken towards improving the authentication, the crucial data remains on the edge machine. The weakest link in the chain of computer networks involved in credit card purchase are the merchant systems. The infamous huge data breaches typically occur at merchants that store credit card data, and not the banks or payment networks that handle the card transactions.
From a credit card holder’s nightmare to a situation where your name, card number, expiration date and other information, which the hackers gets is just a meaningless jumble of numbers and letters. This is the tech transformation tokenization intends to bring. With tokenization, the only data stored on the merchant’s network is the token. PCI Council defines tokenization as “a process by which the Primary Account Number (PAN) is replaced with a surrogate value called a token.” Tokens are unrelated values. Tokens have no value outside the specific transactional ecosystem. The sensitive card data itself is stored on a server with much higher security. The token is basically a link to that data. Tokenized data is undecipherable and irreversible.
As there is no mathematical correlation of the token to the original number, it cannot return to the original form. That can happen only if the additional, separately stored data is present. As a result of which, ”any breach of a tokenized environment will not compromise the original sensitive data.” Token has no value on its own is the main element of this exercise. Starting in the year 2001, TrustCommerce created the concept of Tokenization. It was done to protect sensitive payment data for one of its clients, Classmates.com. Today tokenization has been accepted as the next level data security solution for the payment cards industry. RBI had mandated this solution from 1.01.2021 but given the fact that the infra creation might take time, it is scheduled to get operational from 1.07.2021.
Given the cyber security scenario, there seems to be not much choice. Falling prey to the increasing digital financial frauds is the growing concern amongst the customers today. Tokenization makes transactions seamless without exposing customers confidential data. Once we switch over to tokenization, details like the debit or credit card number, CVV number and expiry date will no longer be required for digital payments. Tokenization is a giant step forward shielding businesses from the negative financial impact of data theft. Just in case of breach there is no critical data available at the merchant’s end. ”Tokenization makes paying with the gadgets simpler and more secure than at any other time.”
TOKENIZATION IS THE RIGHT WAY FORWARD TOWARDS A SAFER DIGITAL FINANCIAL ECOSYSTEM.
Sanjay Sahay
Happy New Year
