Tokenisation vs. Encryption How to Keep Your Data Secure
Published on : Monday 01-02-2021
While data has become an important source of monetisation, fraud-incidents and online thefts are continuously on a rise.
It has been more than a decade since we first heard the expression ‘Data is the new Oil’. As enticing as it sounded back then, data has managed to fuel up economies across major markets today. Building customer loyalty has taken a centre stage for enterprises today, offering higher returns for the time, effort and money they have been investing to provide a better experience to their customers. As data becomes more and more valuable, a major challenge for organisations today is to identify the right technology mix that maintains the integrity of their customer’s information. The Forter Fraud Index report has pointed out that loyalty frauds have increased by 89% in 2019. While enterprises focus on attracting customers through their loyalty programs, their rewards have continuously proven to be more lucrative to cybercriminals.
Encryption
Data encryption has been one of the most prominent methods of data protection since 1973. The process involves the usage of encryption keys to alter data, making it unreadable to someone who does not possess the decryption key. Being the most common methodology used by businesses for data protection, encryption is often used by businesses to protect different types of sensitive data, viz., personally identifiable information (PII) of customers, cardholder’s information, point of sale (POS) data, etc. However, encryption has its own set of drawbacks as it uses a key to encode the data, thereby causing a dependency on the strength of the algorithms used to generate this key. A stronger algorithm is usually difficult to decode, but all encryption is eventually breakable.
Tokenisation
Tokenisation is a process that secures the transmission of sensitive data by replacing it with randomly generated unique identifiers referred to as ‘tokens’. This process allows data to be processed without exposing sensitive details that could breach security and privacy. While tokenisation uses a token to protect data, it is irreversible when compared to an encryption key. Commonly used in the payments ecosystem, tokenisation is used to replace credit card account numbers with tokens for online and POS transactions. As original information is not stored in these tokens, and due to the random nature of their assignment, they cannot be reverse engineered to decode the original data.
Both encryption and tokenisation play an important role in reducing customer’s data exposure. However, tokenisation is less vulnerable than encryption and often used by merchants to achieve PCI DSS (Payment Card Industry – Data Security Standard) compliance.
Tokenisation in Hospitality & eCommerce Industry
Hotels and online retailers often use a large number of third-party vendors. This includes different payment vendors, franchisees, selling platforms and outsourcing service providers. The involvement of multiple players in the ecosystem increases the workload and expense of maintaining data security standards while sharing a customer’s sensitive data (Personally Identifiable Information). This data may involve a customer’s card information, app username/password and services a particular customer has availed of. Tokens are a good alternative in such situations, as they can easily replace sensitive data points enabling an easy and secure transfer of information across the vendor ecosystem. These tokens can have time validity and are accessible to authorised applications where original data can be retrieved from these tokens.
Tokens also add another benefit of maintaining the security and privacy within the entire online ecosystem, thus enabling businesses to be digitally secured. It also protects personal data from its employees and other third-party vendors thereby preventing online infringement and maintains the integrity of the partner ecosystem. It also adds to the convenience to customers, as they can transact and utilise services whenever and wherever they want, without having to worry about their data being misused.
Tokenisation on Blockchain
One of the biggest value propositions of blockchain is the degree of transparency it provides. This is due to its decentralised nature which enhances the security of data through improved traceability. Although blockchains are immutable to a great extent, the use of tokens in a blockchain network adds an extra layer of privacy, as data breaches happen to be a daily activity today. As blockchain provides the technology to facilitate exchange, ownership and trust within a network, tokenisation has helped transform assets and rights into digital representations (tokens). These tokens help in maintaining the integrity of data even if a blockchain network gets compromised. Some other interesting use cases can be seen in the real estate industry where tokenisation helps in streamlining the investment process through smart contracts. It results in the elimination of intermediaries, making it easier for buyers and sellers to interact. At the same time, it also enables the collection and distribution of payments to beneficiary holders, with real-time reporting to regulators. Another important example is in healthcare, where tokens replace sensitive patient data that can be shared securely with other intermediaries like insurance and medical organisations.
While data has become an important source of monetisation, fraud-incidents and online thefts are continuously on a rise. Since the normal end customer doesn’t understand the relationship between a corporate brand and its service providers, it’s the brands that often take a hit in security incidents and data breaches. Under these extreme circumstances, tokenisation has proven to be an interesting regulatory-compliant alternative for enterprises to protect their finances, reputation and customers.
References:
1. https://www.businesswire.com/news/home/20191015005167/en/Forter-Fraud-Attack-Index-Reveals-89-Increase
2. https://www.htng.org/news/389354/HTNG-Produces-Payment-Tokenization-Specification.htm
3. https://www.hospitalitynet.org/news/4094427.html
4. https://home.kpmg/us/en/home/media/press-releases/2019/09/kpmg-study-finds-digital-tokens-are-transforming-the-way-consumers-interact-with-each-other-and-businesses.html
5. https://retailtouchpoints.com/features/executive-viewpoints/securing-customer-loyalty-programs-with-blockchain-for-retail
(Article Courtesy: NASSCOM. The article was first published at Community by NASSCOM Insights: https://community.nasscom.in/communities/cyber-security-privacy/tokenization-vs-encryption-how-to-keep-your-data-secure.html)
