One reality of the modern Internet-connected world is that the storage and transfer of sensitive and secure electronic data is potentially vulnerable to data breaches. Further, as electronic systems, such as electronic sales systems, become more complex, and as hackers become more sophisticated, security concerns are continually increasing.
In the early days of electronic transactions, dedicated magnetic card readers would scan unencrypted sensitive data on a credit card and transfer it to a transaction service for completion of the transaction. These communications were typically made over a dial-up connection and required basic encryption in the reader device in order to maintain security of the packet.
Over time, the reader devices have become more advanced, often with Internet connections and data input ports that enable malware to infect POS terminals. Further, as more and more merchants, such as online merchants, have moved to transfer data over the Internet, additional security features have been developed.
Most notably, “tokenization” is a means for replacing sensitive data with a “token” of data that may be non-decryptable or non-detokenizable by the merchant or other tokenization users (e.g., because they require third party decryption). Merchants, for example, might not ever store sensitive data themselves, thus enhancing data security.
However, a problem may arise if and when the token provider experiences a network outage. For example, an online merchant may be unable to obtain a token to perform an online transaction. A solution is needed that will preserve risk reduction, enable a cost-effective architecture, and that does not dilute the original value proposition.