Secure Payment Processing in Dynamics GP Part 3: Tokenization vs. Encryption


According to PCI standards, credit card numbers are not allowed to be stored in a company’s POS terminal or in their databases. Therefore, to reach PCI compliance, encryption or tokenization of sensitive data must be utilized. Companies that wish to process credit card transactions must either install an end-to-end encryption system or outsource payment processing to a service provider that uses tokenization to protect sensitive data.

What is the difference between encryption and tokenization?

Encryption has been around for years. It has been used by the military and the government to secure sensitive data. With credit card processing, encryption works by transforming the sensitive data using a mathematical equation. The result is an encrypted code made up of numbers, letters and symbols that is usually longer than the original data. This encrypted data is then stored internally in the merchant’s database. To restore the data to its original form, the mathematical equation must be reversed.

Tokenization is a newer technology. With credit card processing, sensitive data is replaced with a customizable “token” that can be made to mirror the format of the original data. The token is unrelated to and non-descriptive of the original data. Further, with credit card processing, tokenization requires the use of a gateway, which is where the encrypted data is stored. This means added security for your business.

Which method is better?

With tokenization, the sensitive data is only needed in its true form when a payment needs to be processed. Otherwise, the token can be stored on your server and used for any necessary internal processes without any concern for fraud. As stated, the only time the token will need to be converted back to its original form is to complete a transaction, which would be done on an external server. This relieves your business of any risk of fraudulent issues.

The process of encryption is easier to hack. First, since the encrypted data is stored on an internal database, any fraudulent issues would be your organization’s responsibility. Second, encrypted data is easier to convert back to its original form. Hackers just need to figure out the algorithm used during the encryption process and then reverse that to return the data to its original form.

In conclusion, when it comes to credit card processing, tokenization is the better choice. For starters, simply using tokenization removes nearly half of the security requirements that are part of a PCI audit. On top of that, tokens cannot be cracked as they are just placeholders unrelated to the original data. Choosing to use encryption, on the other hand, involves a more complex process and the possibility that sensitive data could be compromised.

For a secure payment processing solution that integrates with Microsoft Dynamics GP, check out Azox Credit Card Extension. Follow this link to view a PDF with product specs.

by Azox

2 thoughts on “Secure Payment Processing in Dynamics GP Part 3: Tokenization vs. Encryption”

  1. Paymetric’s Data Intercept Solutions keep sensitive cardholder data from entering merchants’ payment processing systems, dramatically reducing the cost and effort required for merchants to become fully compliant and secure.
