The high-visibility data breaches that have affected retailers in the past year—those of Target Corp. and the Home Depot Inc., for example—have all resulted in consumer payment card information being stolen by hackers. One way to make a site less enticing to cybercriminals is to minimize the amount of data a retailer holds.
That’s why RepairClinic.com Inc., an online-only retailer that sells replacement parts for household appliances and other equipment, moved from encrypting and storing payment card data itself to First Data Corp. tokenizing it a few years ago.
Tokenization converts card numbers into codes, called tokens, which act as a proxy during most of the payment process. Those codes, if stolen by hackers, are essentially useless information. Apple Pay, a new payment system Apple Inc. introduced last month along with its new smartphones, is the most recent and perhaps most-publicized user of tokenization.
That security technology enables RepairClinic to store and use those tokens within its systems without security concerns because it doesn’t retain any useful card data. The retailer only stores the last four digits of a customer’s card to enable it to identify transactions to process returns. The full card data are kept by its payment processing vendor, First Data.
Even though it previously encrypted its data, the e-retailer believes the system wasn’t as secure as tokenization because tokenization keeps card data off its own system, while the encryption technology lived within RepairClinic’s system, says Chris Hall, the retailer’s president and co-founder. “That meant that if you figure out how to breach our encryption system, you could decrypt the data,” he says.
The retailer’s investment in tokenization as a security measure extends to its customer service agents, who take phone orders and enter customers’ payment information into RepairClinic.com, where First Data instantly converts the card information into a token. “We want to make sure we’re covering card data from every angle,” says Jim Koss, the retailer’s chief systems architect.
Read more about security breaches in the upcoming November issue of Internet Retailer. Subscribe here.