This invention relates to online transactions, and more particularly, to ways to help secure sensitive data during online transactions.
Online transactions such as purchase transactions often require that entities such as merchants and payment card processors exchange sensitive information. For example, in connection with a typical purchase by a customer, a merchant may obtain the primary account number (PAN) corresponding to the payment card account of a customer (e.g., the customer's credit card number). The merchant may provide the PAN to a payment card processor (payment processor) as part of an authorization request. The payment processor may use a tokenization server to generate a corresponding token that is provided to the merchant if the purchase is authorized. Later, when settling the purchase transaction, the merchant may submit the token and the settlement amount to the payment processor. The payment processor may recover the PAN of the customer from the token.
Because the token can be used to settle the purchase transaction, the token should not be exposed to any unauthorized parties. In environments with numerous merchants or merchants with numerous sub-entities, it can be challenging to secure tokens, leading to potential security vulnerabilities.
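The authorization and settlement exchange described above, and the reason the token must be kept from unauthorized parties, can be sketched as follows. This is an added example, not code from the patent or from any payment processor; the class, method and merchant names, the random token format, the Luhn-based approval rule and the absence of any check on who presents the token are assumptions of this toy model.

```python
import secrets

def luhn_ok(pan):
    """Luhn checksum, used here only as a stand-in approval rule (assumption)."""
    if not pan.isdigit():
        return False
    digits = [int(d) for d in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class PaymentProcessor:
    """Toy payment processor with a built-in tokenization server (hypothetical)."""

    def __init__(self):
        self._vault = {}    # token -> PAN, known only to the processor
        self.settled = []   # (presenter, PAN, amount) for each settled purchase

    def authorize(self, merchant_id, pan, amount):
        """Authorization request: merchant sends the PAN, gets a token if approved."""
        if amount <= 0 or not luhn_ok(pan):
            return None
        token = secrets.token_hex(8)   # random surrogate carrying no PAN digits
        self._vault[token] = pan
        return token

    def settle(self, presenter_id, token, amount):
        """Settlement: presenter sends token and amount; processor recovers the PAN."""
        pan = self._vault.get(token)
        if pan is None:
            return False
        # In this model the token alone is sufficient: the presenter is recorded
        # but never compared with the merchant that obtained the token.
        self.settled.append((presenter_id, pan, amount))
        return True

def demo():
    proc = PaymentProcessor()
    pan = "4111111111111111"                       # constructed test card number
    token = proc.authorize("merchant-A", pan, 25.00)
    by_merchant = proc.settle("merchant-A", token, 25.00)
    # Any holder of the token is treated the same way as the merchant.
    by_other = proc.settle("other-party", token, 25.00)
    return token, by_merchant, by_other, proc.settled

if __name__ == "__main__":
    print(demo())
```

In this model the merchant stores only the token after authorization, yet whoever holds the token can cause the processor to recover the PAN and settle against it, which is why the token itself is sensitive data.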
It would therefore be desirable to be able to provide improved ways in which to handle sensitive data such as tokens in connection with online transactions.