Article | April 9, 2018

Tokenization Vs Encryption

Source: Clearent
Why Your IT Clients May Want To Encrypt All Data

When used together, tokenization and encryption provide a layered security approach to protect sensitive card data at rest and in transit.


Tokenization is the process of replacing sensitive card data with a randomly generated code, also known as a token. The token stands in for sensitive data. In the event of a data breach, hackers only get access to tokens, which are worthless to a criminal.


Encryption is the process of encoding sensitive information. The only way to access the sensitive information is to unlock it with a key or password. In the event of a breach, encrypted data is useless to a hacker without the key. Point-to-point encryption (P2PE), a type of encryption technology, protects sensitive card data in transit until it reaches a safe decryption environment. PCI-validated solutions add an extra layer of security and protection and reduce PCI scope for businesses.