Tokenization in general is substituting a Sensitive Data element with a non-sensitive equivalent, referred to as a token which has no meaning or value outside of the current Context if the "Tokenized" data is leaked

Tokenization is used to generate an Opaque token

EMVCo Tokenization#

The purpose of Tokenization (According to EMVCo Tokenization) is to swap out the original message with by-reference data with no intrinsic value of its own.

From this perspective, this is the same as by-reference.

Tokenization differs from encryption and Hash Functions where the message is changed, but the original message is still within the Ciphertext. The Ciphertext, of course, can be decrypted from:

Tokenizations, on the other hand, cannot be decrypted because there is no mathematical relationship between the Opaque token and its original message.

De-tokenization is, of course, the reverse process, when the token is swapped for the original message. De-tokenization can typically only be done by the original Tokenization Service or Token Service Provider. There is no other way to obtain the original message from just the Tokenized Token.

Single use Tokenizations#

by-reference Tokens can be single use (a one time Debit Card transaction) that are not retained, or multi-use (a Payment Card number of a repeat customer) that is stored in a database for recurring transactions.

Tokenization Standards[2]#

More Information#

There might be more information for this subject on one of the following: