Tokenization vs. Encryption: Options for Compliance
When do you want to use tokenization over encryption? How do these two technologies help you address security issues, and which is suitable for compliance? How do you decide which is better? You'll find the answers in this independently researched white paper written by data security analyst firm Securosis which helps IT professionals understand how tokenization and encryption work as well as its strengths and weaknesses.
Highlights from this white paper:
- If credit card data is replaced with tokens, almost half the security checks no longer apply, taking them out of scope for a PCI audit.
- Tokenization of payment data is a proven model with thousands of companies tokenizing millions of credit cards.
- Encryption is well suited for protecting PII, but is more complex than tokenization, and runs the risk of encrypted values being compromised. Tokenization removes sensitive data entirely.