Analyzing the Security, Compliance and Cost Benefits of Tokenization
7 Pages. Posted: 30 Apr 2009. Last revised: 7 May 2009
Date Written: April 30, 2009
Abstract
Tokenization has been billed as the magic data security bullet for retailers, offering strong protection for stored sensitive data and an attractive cost-saving strategy for achieving PCI compliance. The reported potential benefits are significant enough that other enterprises have begun seriously considering tokenization for inclusion in their own data security efforts. But does the technology live up to the hype? According to Protegrity’s Chief Technical Officer Ulf Mattsson, tokenization can provide measurable benefits when deployed as part of a risk-based holistic data security solution, but it’s not best suited for every business; in some cases, the expense and time spent fitting a system and applications for tokenization may outweigh the benefits.
In this Interview with the CTO, Mattsson examines the positive effects and potential drawbacks of tokenization and outlines the issues that retailers (and enterprises) should consider when weighing whether to deploy tokenization, as well as the system architecture, policies and procedures that should be implemented to get the best out of the technology.
Keywords: PCI DSS, tokenization, database, security, encryption
JEL Classification: C88