Tokenization in general is substituting a Sensitive Data element with a non-sensitive equivalent, referred to as a token which has no meaning or value outside of the current Context if the "Tokenized" data is leaked

EMVCo Tokenization#

The purpose of Tokenization (According to EMVCo Tokenization) is to swap out the original message with by-reference data with no intrinsic value of its own.

From this perspective, this is the same as by-reference.

Tokenization differs from encryption and Hash Functions where the message is changed, but the original message is still within the Ciphertext. The Ciphertext, of course, can be decrypted from:

  • using the appropriate key(s)
  • brute computing force
  • a compromised key

Tokenizations, on the other hand, cannot be decrypted because there is no mathematical relationship between the token and its original message.

De-tokenization is, of course, the reverse process, when the token is swapped for the original message. De-tokenization can typically only be done by the original Tokenization Service. There is no other way to obtain the original message from just the Tokenized Token.

Single use Tokenizations#

by-reference Tokens can be single use (a one time debit card transaction) that are not retained, or multi-use (a credit card number of a repeat customer) that is stored in a database for recurring transactions.

Tokenization Standards[2]#

More Information#

There might be more information for this subject on one of the following: