Tokenization would not have prevented most retail breaches
Tokenization, where credit card numbers and other sensitive data is replaced by random characters, can be a secure alternative to encryption in many cases — but would not have helped in the majority of retail breaches over the past two years.
The Payment Card Industry released guidance last week about how technology vendors and retailers can use tokenization to reduce the amount of card data they store in their systems.
“Tokenization is one way organizations can limit the locations of cardholder data,” said PCI SSC Chief Technology Officer Troy Leach. in a statement. “A smaller subset of systems to protect should improve the focus and overall security of those systems, and better security will lead to simpler compliance efforts.”