How Tokenisation Can Minimise The Impact Of Security Breaches
Security breaches are potentially devastating for retailers.
With GDPR coming into force in May 2018, a security breach – one that is proven to be preventable had the right data protection tools been in place – could cost a company up to 4% of turnover, or €20 million (whichever is the higher figure).
Security breaches also damage reputations and often lose customers.
No one wants the risk of customer data being sold of the dark web and used to blackmail a brand, damage a reputation in the media, or used to steal the identity of your customers. All three could happen if your customer data falls into the wrong hands, alongside the risk of those large fines a company could get under GDPR.
Tokenisation is the way forward
Instead of customer data, potentially including card details, sitting within your systems or contained within your payment providers systems, data is stored as tokens instead.
Payment card details are converted into token IDs, effectively making them worthless to any cybercriminal. Without an encryption key – stored within the payment network and impossible to find – no one would know whose card details belonged to which customer. Those two pieces of information are entirely separate from one another.
Once converted and encrypted, they are securely transmitted and converted back into usable data by the payment processor, to ensure a transaction can still go through. Since the data is completely anonymous, it’s of no use to a cybercriminal. They can’t un-encrypt the information and turn the tokens into card details.
For a more detailed exploration of tokenisation and its applications, download our whitepaper here.
Other benefits of Tokenisation
Not only does this prevent external fraud; your business is better protected from internal fraud. A potentially fraudulent member of staff or third-party provider – should they get anywhere near the data – wouldn’t be able to use token IDs for anything dishonest.
Tokenisation also makes it far easier for merchants to adhere to PCI compliance, since retailers don’t need to invest heavily in security systems that would need testing externally. Nothing is stored that, if stolen, would cause any material damage to your customers.
Tokenisation also works on other payment methods too. So whether your customers want to pay using Alternative Payment Methods such as Alipay, a gift voucher or even near field communication (NFC) their personal data is secure. As a fraud prevention method, tokenisation is well worth investing in – or working with a payment provider who’s already equipped – alongside other security systems to protect your customers from fraud and cyber attacks.
We recommend that merchants explore tokenisation fully as a part of their actions to become GDPR compliant. If you would like to discuss this in more detail with a security expert, contact our team.