All too often, we look toward technology as a magic bullet to cure what ails us. In some cases, tech works wonders on any number of fronts — from improving healthcare to changing the very way we pay for goods and services, rendering transactions digital and instant.
However, when it comes to security of those transactions, specifically data security, technology comes up short. Part of that comes because fraud is always evolving, and fraudsters are pushing constantly to find the vulnerabilities in firms’ and consumers’ best efforts to protect data. Shortfalls also crop up when promises outweigh what is delivered. When tech becomes a buzzword, excitement follows and, ultimately, complacency. “Set it and forget it” goes the mantra, and that’s never a good maxim to follow, as fraudsters are assuredly not “forgetting it.”
Might we see the same forces at work when it comes to tokenization?
On its broadest face, tokenization replaces sensitive data with unique identification attributes. In payments, specifically in the payment card industry (PCI), data — which can range from names and addresses to Social Security numbers and account details — is presumably kept safe and firms satisfy compliance mandates. It is the “presumably” that might give pause, because tokenization is not as impervious a process as some might assert.