XiSecure
The XiSecure On-Demand service provides the ability to use a token in place of a credit card number throughout a merchant's system to provide another layer of security and support compliance with the Payment Card Industry - Data Security Standards (PCI-DSS).
Tokenization
Tokenization is:
-
An alternative to encryption.
-
A technology that eliminates storage of sensitive information in enterprise systems and application databases.
-
Replaces sensitive information/PII with a unique “token” or surrogate that retains the original data format or takes on a new format.
-
Tokens can be used just the like the original data without the risk of exposing its inherent value.
Tokenization is the process of replacing a sensitive piece of data (such as the cardholder’s raw card number) with a value (a token) that is not a hash or encrypted form of that sensitive piece of data.
The original data is encrypted and stored in a secured vault (XiSecure On-Demand vault) on a different system, outside the company’s environment, and the token is a pointer to that encrypted data within the vault.
The raw card number is replaced by a token which is a random string that is not an encrypted or hashed version of the card (example if the raw card number is 4444333322221111 then the token may be –E803-1111-B121000989123Z). This token is sent back to the requesting system to be used instead of the raw card number when a call is made requesting authorizations or settlements for that card.
The token is a multi-use token in that it can be used instead of the raw card for the life of the card as long as it is used from a merchant system integrated with the tokenization solution. The On-Demand solution employs system authentication via client certificates to validate the requesting system.
See Also