All merchants have both an obligation and an industry mandate to protect consumers’ payment card data. The Payment Card Industry (PCI) Data Security Standards (DSS) provide guidelines on what merchants need to do to secure the sensitive data used in payment transactions. End-to-end encryption (E2EE) and tokenization solve for many of the vulnerabilities that exist in the payments processing chain. Encryption mitigates security weaknesses that exist when cardholder data has been captured but not yet authorized, and tokenization addresses security vulnerabilities after a transaction has been authorized. When combined, these two technologies provide an effective method for securing sensitive data wherever it exists throughout its lifecycle.
This paper is an overview of encryption and tokenization technologies—what they are, how they can be implemented, and the benefits and drawbacks of selecting a particular method of implementation.