Securing Online Payment Gateways

If you are like me, you take technology as it comes and you just make adjustments accordingly. I have made the jump from 8 track tapes to cassette tapes to CDs to live-streaming, all in just the past 40 years. I took shorthand in high school and learned to type on a typewriter—I used Wite Out correction fluid and those thin, plastic correction tabs to fix my errors—and this was cutting edge stuff back in the day. I now live in a time where people walk around with small computers in their hands all day and communication with someone half a planet away is possible within seconds. As technology constantly changes, we must adapt and even plan ahead, to ensure these “undiscovered roads” don’t take us down the wrong path. I mean, initially, when we first starting using the Internet, there were all types of potential threats many of us did not anticipate. New threats await us as our use of computers and hand held devices rule the day. To protect yourself, and your information on the internet, it is important to understand the newest technological advancements and how they affect our lives.

With online purchases becoming more and more prevalent in today’s world, the threat of hacking is very real. When you send your information out into the vast internet, whether it be your driver’s license number, your bank account number, or other personal material, the fact remains that it is susceptible to crooks—crooks who know how to hack information you thought was protected. What safeguards do we have when making online purchases or filling out personal forms on websites? Thankfully, revolutionary advancements in shielding sensitive details are protecting you, even if you aren’t aware they’re there.

Take, for example, encryption. Encryption takes an algorithm to transform plain text, like your credit card number, and convert it into a non-readable format called cipher text. To decipher the encrypted information, the party receiving the material must have the algorithm and an encryption key to return it to its original plain text. Built in encryption systems protect the millions of people from sensitive data breaches.

The drawback with encryption is that data can be breached on either end. The security of the data relies on the strength of the encryption. Encryption is also time consuming and somewhat expensive. The trouble is, you just never know how strong the encryption data is at your bank, your local store, or your kid’s school, so your information may be vulnerable to attack, even when you believe it has been safeguarded.

Since encryption has its detractors, tokenization has become a welcome alternative to protection of personal details. Tokenization works differently from encryption, even though they are widely mentioned together. Tokenization requires taking the sensitive data and replacing it with a token, or placeholder. This token is randomly generated and is swapped for the plain text and then it is stored in an offsite database. Essentially, the tokenization process is taking data and turning it into random, meaningless information so that if it is somehow compromised, it cannot be deciphered by criminals looking for raw data. With encryption, if they break the code, they have the desired information. Unlike encryption, tokenization does not use an algorithm to make its replacement token. Instead, data is stored in a secured token vault which stores the link between the actual data and the token. The great part about tokenization is there is no key to change the tokens back to real data, so information is safer in the long run. Tokens can be set up to reflect the actual number, or at least a portion of it, which is why your bank may ask for the last four digits of your social security number or account number. The actual numbers are saved offsite, but the token number might reflect a portion of the real data. So, say you are online and purchasing something from a company from which you have previously purchased something—your data should be saved. In this case, the token is submitted to the token vault when you request to use the card and the index retrieves the real data for use in the authorization process. The company receiving the data feels no lag time—they are given the real data immediately, yet the “switch” was made in the cloud token vault.

Tokenization is now widely used by vendors because the real data is kept off site. With encryption, it is still within their database, even if it is encrypted. The Payment Card Industry Security Standards Council holds merchants to compliance standards to ensure clients’ information is protected. Both encryption and tokenization are accepted under these standards, but the encryption method leaves the merchant more at risk of a breach than tokenization does.

Some key vendors use tokenization for payment, including Visa, MasterCard and American Express. These big three are looking to standardize tokenization in the payment industry’s sector. Their push for tokenization stated this new standard would “help provide the payments community with a consistent, secure and interoperable environment to make digital payments” according to The Motley Fool, an online source. As a matter of fact, MasterCard has teamed with has teamed with Synchrony Financial and Citi Retail Services to use tokenization in their transactions, making it the first payments network to do so. Through MasterCard’s Digital Enablement Services, or MDES, MasterCard can offer tokenization services that can ensure purchases can be made from any internet connected device while also delivering the safety customers expect. Not only does this new technology give consumers the opportunity to make their selections online, revolutionizing the way we shop, but it also alleviates the lingering worry that your credit card information will be stolen online. Since there are more ways to purchase items, including through phone apps, ecommerce, and reoccurring payments, having the information stored in an off-site token vault makes the transactions even safer than ever before.

Consumers today can rest assured their information is protected to its fullest extent when tokenization is used. It’s the wave of the cyber-future, making online purchasing the most practical and convenient way to shop.