That’s the simple yet profound concept behind the process known as tokenization.
If you haven’t considered credit card tokenization for your restaurant, you are missing out on one of the most effective and affordable ways to protect yourself and your customers.
More technology? You might be thinking that’s the last thing you need to deal with. But you’re already doing electronic payments, so adding credit card tokenization functionality won’t complicate matters – it will make them much simpler and more secure.
More secure = less theft = happy customers = you sleep better at night.
Tokenization is the process of creating a string of random characters, called a token or alias, to substitute for real data – which in most cases is the customer’s credit card number.
When the customer swipes his or her credit card at your establishment, the credit card number is authorized and sent immediately into a centralized and highly secure vault. There it is stored by the payment processor, rendering it virtually irretrievable. (Don’t worry, this requires no additional equipment in your store.) An index in the vault creates a permanent connection between the credit card number and the new token.
Once the credit card number is tokenized, it returns immediately to your point-of-sale (POS) system for use in place of the actual credit card number. In most cases the last four digits of the card number will correspond to the last four digits of the token, so neither you nor the customer will notice a difference on the receipt. It will appear like this:
Note: Tokenization is not the same as encryption. Encryption involves a mathematical process that renders the credit card number unreadable. Though it is secure, if a hacker has the proper algorithm, the number can be decrypted.
On the contrary, with tokenization, once a credit card number is in the vault, there is no key or mathematical formula to restore the number back to its original form. The only way to retrieve the information is to access the vault, which is virtually impossible to do.
There are a number of benefits to credit card tokenization, including the following:
Tokenization is a sure fire way to protect your customers’ credit card information. This includes not only outside hackers, but also staff members who might be ethically challenged.
When your customers’ data is protected, your brand and, consequently your reputation, are protected. You can rest easy knowing you won’t have a security breach scandal on your hands anytime soon.
(Incidentally, if you don’t have tokenization capabilities, here’s what to do in the event your system is breached.)
Tokens cannot be monetized if they are exposed or stolen, so your restaurant can share tokens across multiple applications and even with external partners, franchisees, or service providers without fear of a security breach.
Our friends at Mercury® had this to say. We couldn’t have worded it any better ourselves:
Every merchant who accepts credit cards as a form of payment must adhere to the PCI-DSS (Payment Card Industry Data Security Standards) for the safe handling of payment card data…While there are compliance assistance solutions available on the market that help business owners meet their PCI-DSS requirements, using tokenization is one of the most effective ways to reduce the number of steps it takes to achieve compliance.
With tokenization, your POS system does not store actual card-specific payment data, enabling you to maintain PCI-DSS compliance much more easily.
Tokenization can be directly built into your integrated POS system (such as POSitouch) and tokens can be stored securely for future use.
Because tokens are stored securely in your POS system, you are able to use the data to build customer loyalty programs or create innovative marketing campaigns based upon the buying history of each customer, without the need for phone numbers or sign-ups.