Split Knowledge, Dual Control Tokens

Tokenization is a very powerful tool set for protecting any data string. Part of the reason it is so powerful is its simplicity: tokenizing data is not complicated. From a breach standpoint, an attacker who steals tokens gains essentially nothing more than the notoriety of breaching meaningless data. While a breach is not good for any organization, the “insult to injury” factor is reduced substantially, because the cost of the data breach, outside of some bad PR, is basically zero.

What happens when you make tokenization more powerful from a data security standpoint? What if you could create a split knowledge, dual control token so that the entire payment card number never actually resides in one place? For instance, you retain the first 6 and last 4 digits, as permitted by the PCI Security Standards Council, and some other entity stores the middle 6 digits. This way, if either of the two organizations is breached, neither has the full payment card number.

Moreover, from a compliance standpoint, both organizations are able to reduce their compliance obligations by storing only part of a payment card number rather than the entire number. While compliance is certainly important and serves a great purpose, the end goal is reducing risk to sensitive data sets. Split knowledge, dual control tokens achieve both goals: reducing risk and reducing compliance obligations.
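The split described above, as an added Python sketch that is not TokenEx's code: one party keeps the first 6 and last 4 digits, a second party keeps the middle 6, and the full number exists only when both stores are read. The `Custodian` class, the `tokenize` and `detokenize` names, the shared random token used as the lookup key, and the 16-digit card length are assumptions made for illustration.

```python
import secrets

SAMPLE_PAN = "4012888888881881"  # constructed sample: a test card number, not a real account

def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class Custodian:
    """Hypothetical store for one party; it only ever receives its own fragment."""
    def __init__(self, name: str):
        self.name = name
        self._store = {}
    def put(self, token: str, fragment):
        self._store[token] = fragment
    def get(self, token: str):
        return self._store[token]
    def dump(self) -> dict:
        """Everything a breach of this single party would expose."""
        return dict(self._store)

def tokenize(pan: str, merchant: Custodian, partner: Custodian) -> str:
    if not (pan.isascii() and pan.isdigit() and len(pan) == 16 and luhn_ok(pan)):
        raise ValueError("expected a Luhn-valid 16-digit PAN")
    token = secrets.token_urlsafe(16)             # random, not derived from the PAN
    merchant.put(token, (pan[:6], pan[-4:]))      # first 6 and last 4
    partner.put(token, pan[6:12])                 # middle 6 only
    return token

def detokenize(token: str, merchant: Custodian, partner: Custodian) -> str:
    """Reassembly needs a successful lookup at both custodians."""
    first6, last4 = merchant.get(token)
    pan = first6 + partner.get(token) + last4
    if not luhn_ok(pan):
        raise ValueError("fragments do not form a valid PAN")
    return pan

if __name__ == "__main__":
    merchant, partner = Custodian("merchant"), Custodian("partner")
    tok = tokenize(SAMPLE_PAN, merchant, partner)
    print("merchant holds:", merchant.dump()[tok])
    print("partner holds: ", partner.dump()[tok])
    print("rejoined:      ", detokenize(tok, merchant, partner))
```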

To learn more about how TokenEx is using split knowledge, dual control tokens for all data sets, including payment card, HIPAA, and GLBA data, contact us.

Topic(s): payments, PCI DSS, tokenization