The safeguard of tokenization

By: Dane Ashworth

Credit card tokenization has been around for several years, but few companies have implemented or understand how the process works. Credit cards that are processed natively within your software systems typically write the credit card information to their database and then send the credit card out for approval through the payment gateway. The credit card number is typically encrypted as it is stored in your database. Encryption solves the problem of a hacker stealing a copy of your database or even a backup file/tape and gaining access to the raw credit card information, but it doesn’t solve the issue of a malicious employee who needs access to the credit card data as a part of their day-to-day job duties. Users need access to the credit card information on file in an unencrypted format in order to pass the number up to the payment gateway for approval.

Credit card tokenization involves a slightly different process. When credit card tokenization is implemented, the credit card information is sent via encrypted communication immediately to the payment gateway without writing the information to the local database. The payment gateway stores the credit card information in its own credit card vault and returns a token to the software system as a reference. The software will then use this token to make future credit card charges and may also store the token for long-term use.

Credit card tokens are safer than regular credit card numbers because the token is unique to that specific gateway and merchant account. Any fraudulent use of the credit card by an employee via the token would immediately point to the source of the fraud. Tokens also typically have a very short lifespan, and are usually renewed with each use of the card. The credit card tokens are also of no value to a hacker because they must be processed using the same merchant account in order to charge the card.

TimeShareWare’s SecurePay application uses tokenization, is PCI compliant and is PA-DSS certified. Contact TimeShareWare to see how SecurePay can increase the security of your credit card information and help safeguard your customers.

If you would like more information or a demonstration of how TimeShareWare can help you protect your customers’ credit card information, please contact us at 801-444-3113 or email us at