Tokenization: New Life Given to Old Technology
Last month NMI exhibited at RSPA RetailNOW in San Antonio. The ISV and POS dealer-focused event is where retail and restaurant solution providers meet to learn about the most significant trends, threats, and opportunities. One of the more important education sessions was focused on payment security and featured speakers from the PCI Council, Verizon, and Visa.
During the panel discussion, the topic of breaches and best security practices came up. While valuable cardholder data will always be a priority target, it was shared that cybercriminals today are also very happy to steal or hold ransom other customer data. For example, many retail POS systems contain CRM functionality where customer phone numbers, addresses, and more are stored and can be appealing targets of criminals. The recommended course of action—after following all other network security best practices—is to devalue this data by using encryption and tokenization.
Historically, tokenization was used in payments to store tokens only for data directly tied to the payments process. Identifying the criminal trend of trying to obtain other information on customers, and realizing that value could be added to POS and payment applications, NMI sought to expand its tokenization functionality.
NMI’s Customer Vault service extends tokenization to include multiple payment methods (i.e., credit cards, ACH) and numerous payment instruments (e.g., a single customer token can consist of separate Visa, Mastercard, and American Express cards for the customer). Perhaps more importantly, the Customer Vault can also include other personal information such as the customer’s address, social security number, and more. This, in conjunction with encryption and following additional security best practices outlined by the PCI Council, will make it extremely difficult for criminals to impact your merchants negatively. If criminals do manage to get into the system, they’re greeted with a pile of random, worthless data.
Tokenization is also playing a new role with the advent of omnichannel. As retailers continue to shift to this business model to provide a more competitive and customer-friendly shopping experience, tokenization can be used to track customer shopping behavior across channels. Of course, for this to work, the merchant’s payment provider must have the technology in place to remove the silos of data from different sales channels and give merchants a holistic view of customers and their behavior. This is another area where NMI has been leading the charge.
It’s easy to overlook the power and capabilities of tokenization because the technology is quietly working behind the scenes in most applications. However, this decades-old technology has found a new life by finding additional ways to protect merchants and their customers. It’s also playing a vital role in the most significant transformation happening in retail.
Learn more about tokenization and NMI’s unified token vault.