One of the biggest payments challenges for merchants is how to handle payment data - whether it’s at the POS or in the remote domain where e-commerce and mobile payments take place. A lot of this concern is driven directly by PCI DSS compliance and broadly by the reputational risk data breach represents.
One of the major techniques merchants employ, in order to remove the need to store payment data, is tokenization - the replacement of the high value card data with a low value representation managed by another party. Merchants just store the token for lookup purposes while the third party maintains the database that links these low value tokens to the true primary account number or PAN.
At Glenbrook, we refer to these as merchant tokens because they are specific to and paid for by the merchant. We’ve also heard them referred to as acquirer tokens because the tokenization function is often performed by the merchant’s acquirer, processor, gateway, or payment service provider.
Makes sense, right? Put the radioactive payment card data into another party’s hands.
But for large and mid-size merchants, the provision of tokenization services to an acquirer has a few downsides:
In this Payments on Fire® episode we talk with Alex Pezold, CEO of Token, an acquirer neutral, independent tokenization provider. We talk a lot about protecting payment and bank account data. But we also address the growing need for protecting other data assets and how tokenization can help accomplish that.