Data breaches are expensive—they cost an average of $6.75 million per incident, according to one study. One way to reduce the risk is to cut down on the places that handle sensitive data. Enter tokenization. It beats encryption. Encryption leaves your data vulnerable if thieves steal the key. Tokenization replaces protected data with a digital placeholder that applications use just as they would real Social Security or credit card numbers. But if you’re hacked, the data is useless to criminals. “Any business storing card numbers today should be looking at tokenization,” says Lucas Zaichkowsky, a senior compliance technologist with Mercury Payment Systems. Tokens can look like your legacy data. One of the good things about tokenization is that you can be flexible in how you create your tokens. They can have the same data structure as the credit card or Social Security numbers you’re already storing, making it easier to reprogram your legacy applications to handle tokens. And there’s a pretty good chance you’ll end up using both tokenization and your legacy systems in combination at first. For some, it reduces your pci compliance burden. Another of the great benefits of tokenization is that if you set it up using an outside vendor and are not storing card data, you can skip the very long PCI Self-Assessment Questionnaire D in favor of the smaller and easier-to-complete Questionnaire C. However, if you set up a tokenization server on your network, you’re still storing the data, so you still have to fill out the longer compliance questionnaire. It’s tricky to deploy. If you switch from credit card numbers to tokens, you may find unexpected places where those credit card numbers are used. If you’re issuing a new token every time someone hands over a credit card number, for example, that could mess up your fraud-detection systems. You’ll need to map out all applications using this data beforehand. But even after you do this, don’t expect to be able to move every system to tokens immediately. Payment options vary. How do you want to pay for tokenization? Akamai offers a service that prevents Web users from ever entering their credit card numbers into a merchant’s system. They charge a flat rate. You can probably get tokenization as a service for about 10 cents per transaction from a payment-processing vendor, but that could lock you in to their system. You can manage your own tokenization servers, but some vendors charge per record. Related content brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management case study Toyota transforms IT service desk with gen AI To help promote insourcing and quality control, Toyota Motor North America is leveraging generative AI for HR and IT service desk requests. By Thor Olavsrud Dec 08, 2023 7 mins Employee Experience Generative AI ICT Partners feature CSM certification: Costs, requirements, and all you need to know The Certified ScrumMaster (CSM) certification sets the standard for establishing Scrum theory, developing practical applications and rules, and leading teams and stakeholders through the development process. By Moira Alexander Dec 08, 2023 8 mins Certifications IT Skills Project Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe