October 10, 2014
A few days ago, LTP listed the Top 10 questions on tokenization (Top 10 Questions on Tokenization).
We collected feedback from industry insiders to come up with those questions and challenged experts to answer them. Today, we are releasing the first set of answers from the payment processing firm, Shift4.
Shift4 wanted to answer to LTP’s questions and highlight some differences between true tokenization PCI redefined tokenization, and how they both apply to the Apple Pay technology.
Brief history: The concept of tokenization existed long before the term, even long before computers. Tokenization is simply referring to data via an unrelated reference number – like a case number might refer to a criminal investigation, an invoice number might refer to one or more purchased items, or a record ID might refer to any arbitrary set of data.
Tokenization can be applied to secure any data. All the answers below refer to tokenization as it applies to securing payment cardholder data (CHD) and/or Apple Pay.
1. What is the primary purpose of tokenization?