A security company that verifies customer details when they make payments online is using tokenisation to speed up its processes and protect credit card details from fraud.
Tokenisation is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
192business has to comply with PCI DSS to ensure any credit card details it holds as it conducts verification are fully protected from fraud.
Encryption is the conversion of data into a scrambled ciphertext that has to be decrypted to convert the data back into its original form, but these processes typically slow down data transfer times.
“With speed dictating the user experience, we could not afford to be even a second slower than our competition or we could lose a contract,” said Andrew Agnês, head of infrastructure at 192business.
“Using tokenisation, details can now be verified in less than a second, allowing the online transaction to take place with little or no delay,” he said.
Agnês was also concerned that encrypting and decrypting data creates a set of rules that, given enough time and resources, can be broken eventually by cyber criminals.
He evaluated four tokenisation systems to determine which could most effectively meet the speed and security needs of his business.
Only Liaison Protect from Liaison Technologies met all requirements.
“Liaison’s tokens also retain the 16-digit size of the original payment card number applications, which others don’t. This meant our business processes could run without modification,” said Agnês.
Reducing cost and complexity
In addition to eliminating concerns around the latency and long-term security of encrypted transactions, tokenisation also helped reduce the cost and complexity of the firm’s annual PCI scoping assessment.
The other systems reviewed involved copying data out or having separate columns dealing with cipher text.
“This would have required look-up tables, adding more systems resources which was something we wanted to avoid,” said Agnês.
The more systems involved in the transfer of sensitive data, the more complex the annual PCI scoping assessment.
By implementing the Liaison Protect system, Agnês could minimise the issue, ultimately reducing the scope, cost and complexity of meeting regulatory compliance.
The system was deployed fully in just three weeks. Deployment was fast, said Agnês, because of Liaison’s flexible, scalable approach to data management.
“This meant that 192business did not have to make any modifications to its existing systems, which reduced any potential disruption to the business,” said Agnês.
“Looking at a specialist supplier really yielded dividends for us. We now have a secure solution flexible enough that, should our systems change, we can still use it in the future.”
192business sees tokenisation as a viable system for other areas of its business as its customers look to store other forms of sensitive customer data securely.