The Internet has ushered in an “instant gratification” mentality among consumers. That’s great for impulse buying and also great for retailers who now, via online presence, get the benefit of a sale even when it happens in the wee hours of the morning with the click of a mouse.
But retailers must also facilitate payments that are just as instantaneous or — as a white paper by TokenEx found — consumers will quickly take their business to the next website. It is imperative, according to the company’s research, that retailers establish an ominchannel presence, through which companies operate across varying purchase points such as online storefronts, call centers, apps or even checkout kiosks that now dot physical brick-and-mortar locations.
Of course, establishing an online presence that allows for payments to be processed at multiple points, 24 hours a day, 365 days a year, brings with it data security concerns. With the raft of data breaches that have dominated the news in recent months, hitting enterprises as varied as health care companies and government agencies, TokenEx’s reminder that data stored anywhere is vulnerable to attack could not be more timely.
TokenEx noted in its research that tokenization provides a stringent avenue of data protection but, according to the white paper, also allows companies to “grow past traditional acceptance channels without adding additional risk.”
Simply put, tokenization helps boost security by “swapping out” what could be termed sensitive data, which would include payment card or bank account numbers and data, and replacing that data with randomized numbers. That randomization differs from encryption as the latter has data that is still, as TokenEx termed it, “mathematically locked” within code that is generated. Because tokenization involves random number generation, there is in fact nothing to decrypt. Tokens are also flexible,and can be designed to employ single-use or multi-use functions (in the event of, say, repeat customers who use their credit or debit cards on a steady basis).
In systems such as the company’s own TokenEx platform, sensitive data is stored offsite, and the tokens themselves are stored “locally” with the merchants themselves. The cloud offers yet another layer of security and also helps satisfy PCI standards (which are numerous, as per the white paper, with 300 standards alone that must be met to be certified for credit card data).
The need for security, of course, extends beyond payment data and embraces all types of information, perhaps most notably personally identifiable information (or PII). In this case, the cloud helps keep data away from “physical” servers and also means that PCI compliance can be met across varying, and changing, regulations.
The cloud also offers what TokenEx defines as a “seamless” platform bridging processors, gateways and the service providers themselves. Yet building a successful cloud-based tokenization platform remains no mean feat, especially on-premise, according to the white paper, and information security officers may find time and expense saved through adoption of third-party platforms. That “buy rather than build” mentality may indeed suit retailers who, while seeking to expand and protect their omnichannel presence, already face razor-thin profit margins.
Current tokenization solutions, used in conjunction with payment gateways, are largely lacking in security, according to TokenEx. The payment gateways themselves deal solely with payment data and not the personalized information referenced above, or, say, international rules and regulations, which may be of increasing importance in the light of cross-border transaction growth.
One key beneficiary of robust tokenization and cloud efforts, according to TokenEx: the insurance industry. In the insurance arena, companies are expanding globally and are adding payments operations that include call centers and Web stores. As they expand beyond home shores, insurance companies also have the additional burden of new regulatory compliance with other countries. And given the range of sensitive data that is routinely collected on current and prospective consumers/subscribers — which encompass financial and even health-related information — tokenization seems an ideal security measure.