Tokenisation and Encryption
Digital transformation, “high tech” including AI and blockchains, has provided a multitude of opportunities for organisations to innovate by creating a leap in buyer value and delivering increased efficiencies across a wide cross-section of buyers. Individuals and businesses have therefore benefited tremendously from this transformation, but have also become susceptible to security threats and cyber criminality. In a study conducted by the Verizon Business RISK Team, more than 280 million payment card records were breached in 2008. The global financial market collapse not only created economic
headwinds of unprecedented proportions but also some of the largest data breaches in history also occurred in the same year. In fact, the study confirmed that if reasonable security controls had been in place at the time of the incident, the breaches could have been avoided in their entirety.
Compliance with security standards is a resource-intensive challenge to all businesses irrespective of size. Despite the enormous efforts and vast expenditure of businesses to secure their data, hundreds of millions of records have been breached and continue to be. For instance, in 2008, the Verizon Business RISK team highlighted that retail, financial services, and food and beverage accounted for three-quarters of the 2008 breaches. The majority of the records were compromised from servers and applications. In 66 percent of the cases, the breach involved data that the organization did not know existed on its servers. Data breaches have continued to plague numerous industries since 2008. In 2018, an unprecedented number of breaches occurred, varying in severity. Hacking groups injected malicious code into poorly-secured web pages of British Airways, which exposed the data of 380,000 customers, and in India, an ID database managed by the Indian Government was compromised, exposing the identity details and private information of 1.1 billion individuals. Two technologies utilised in the protection of data are encryption and tokenisation. Tokenisation and encryption are often mentioned together, and their definition is used interchangeably. While both are utilised as data obfuscation technologies, there are clear distinctions between the two. Both technologies can be utilised to secure data under varying circumstances, and in some instances, such as end-to-end payment facilitation, both encryption and tokenisation are used together.