The present invention relates to desensitization of payment data. In some markets, merchants may use separate devices to obtain authorization for payment transactions and for tracking consumer data. For example, some merchants may use electronic data capture terminals provided by issuers (e.g. banks) to obtain authorization from the issuers for payment transactions. A separate merchant computer may be used for tracking consumer data for accounting or loyalty purposes. Since the electronic data capture terminals and the merchant computer are not integrated, this can lead to a practice called “double swiping.” Double swiping can refer to a second swipe of a payment card at a merchant terminal after the first swipe to obtain initial authorization from the bank. The second swipe is commonly performed to track customer details within a merchant's system, for accounting or loyalty purposes. The second swipe can expose all of the data from the payment card, and is often performed on a less secure merchant terminal. These less secure terminals can then be targeted for hacking or bugging to obtain card data. This can undermine the integrity of the payment system, and diminish consumer trust in a merchant's business.
Embodiments of the invention address these and other problems, individually and collectively.