As more information is collected and stored by companies and governments, such organizations have become targets for hackers and other malicious third parties. Typical organizations have many different projects, systems, databases, and areas that may be difficult to monitor for malicious activity at all times due to the vast size and resources involved in such operations. Thus, despite the best efforts of such organizations, data breaches occur regularly and data security is an important security concern for organizations of all sizes. Accordingly, limiting sensitive data storage to as few possible databases as possible within an organization and/or across organizations is an important security solution to such concerns.
In transaction processing systems, some data security issues have been addressed through the use of tokenization to substitute sensitive real credentials with a token. The tokens are not as sensitive as payment information (e.g., a primary account number or credit card number) that can be used to initiate transactions through other transaction channels and the tokens allow additional security controls to be applied to ensure transactions are authentic and not fraudulent. Further, tokens may be domain restricted (e.g., only used in a specific transaction channel such as e-commerce), thereby limiting their potential use if the tokens are compromised.
However, although tokens provide a layer of protection against interception of real credentials (e.g., by being domain restricted), the tokens can still be used by malicious third parties to initiate fraudulent transactions in some circumstances. Further, payment processors and other entities may use the tokens and/or real credentials (or any other sensitive consumer information) to provide a variety of different processes including payment processing capabilities, fraud risk analyses, loyalty program management, etc. Many such organizations may have thousands of different databases storing sensitive consumer information. It is expensive and inefficient to comply with the highest security standards for all of these databases. Accordingly, even tokenized systems provide targets for malicious third parties to attack and breach can lead to liability and loss.
Embodiments of the invention address these and other problems, individually and collectively.