July 7, 2015
Shift4 Celebrates 10th Anniversary of Tokenization!
Tokenization has become more of a household name as of late, as more companies adopt the technology and as sister technologies like the consumer-based “payment tokens” of mobile wallets take shape. Shift4, on the other hand, has been using tokenization long before anyone else. After all, we invented it a decade ago! How was tokenization invented? Let’s take a trip back to the mid-2000s:
After years of attending the annual Hospitality Industry Technology Exposition and Conference (HITEC), Shift4’s founders had been in numerous conversations with hoteliers about security and data breaches. These hoteliers would share the challenges they were encountering while trying to secure cardholder data. The pioneers of tokenization kept coming back to one thought:
“Why is it that people think they need to store cardholder data?” they asked themselves. “Why don’t we just give them some other value that’s meaningless, so they won’t have to?”
And thus began the thought process that led to creating our TrueTokenization® technology, which would provide a practical security solution that supported merchants’ everyday business operations while relieving them of the burden of storing and trying to secure cardholder data. The tokenization of payment card data is based on a concept that stretches back to Shift4’s earliest days and was developed out of our company founders’ core belief that our technologies should make processing payments more efficient and secure for our merchant customers. For years, we developed better ways to secure payment card data, and these concepts evolved into what we called tokenization.
Shift4 officially introduced the technology and the term “tokenization” to the public at our Transaction Security Summit in Las Vegas in September 2005 to improve security practices throughout the payments industry.
Flash forward to HITEC 2015, when we shared the exciting news about our 10th anniversary of TrueTokenization. Now, not only is TrueTokenization used by tens of thousands of merchants across North America, but we’ve officially reached (and surpassed) the milestone of six billion tokenized transactions!
A Simple Solution to Solve a Complex Problem
When Shift4 introduced tokenization to the industry in 2005, the official meaning of tokenization was defined by Shift4 as the concept of using a non-decryptable piece of data, or “token,” to represent, by reference, sensitive or secret data. In the payment card industry context, tokens are used to reference cardholder data that is stored in a separate database, application, or offsite secure facility.
In order to meet merchant needs and provide the strongest security against hackers, the original tokenization solution, TrueTokenization, was designed to be:
- Random – Because a TrueToken® is not mathematically-derived, it cannot be decrypted.
- Globally Unique – By not allowing universally-accepted tokens, the security is increased for both merchants and consumers.
- Transactional – A TrueToken is generated for each transaction to increase the security of your organization’s networks even further.
- Alphanumeric – By combining a nearly infinite amount of numbers and letters, a TrueToken is a string of data hackers can’t predict and will never match a real credit card number.
- Organic in Nature – TrueTokenization works pragmatically within the merchant environment to support analytics and loyalty programs while ensuring security.
We Tokenize in More Environments Than Anyone Else
The success of tokenization has not only been how quickly it has caught on with our 24,000+ merchants and its influence in the payments industry, but also how many adaptations of the security technology we have developed to suit a variety of environments. No other company has customized tokenization in this way to ensure that any merchant can reduce their breach profile and shrink their PCI scope, no matter their industry or size.
When properly implemented and combined with True P2PE™, TrueTokenization ensures the best defense against hackers by not allowing any sensitive cardholder data to enter your environment in the first place. In order to accommodate any environment, we’ve released a full suite of tokenized security solutions, including:
- 4Go® – Add additional security to prevent your point-of-sale (POS) or property management system (PMS) solution from ever handling sensitive cardholder data.
- i4Go® – Protect cardholder data in e-commerce and omni-channel environments by intercepting sensitive cardholder data before it ever enters a merchant’s site or hosting provider’s system.
- 4Res® – Make sure sensitive cardholder data is removed from central reservation systems and tokenized before it enters your PMS.
- 4Word® – Support guest services by securely sharing credit or debit card information with a trusted third party to process a one-time payment on your guest’s behalf while keeping your own environment free of sensitive data.
Learn more about TrueTokenization by watching this short video, Tokenization for Beginners, or by visiting our TrueTokenization page. If you have any questions, contact our Las Vegas-based Customer Support team 24/7/365 at [email protected] or call 702.597.2480 (option 2).