Contact Us

The Problem

As data security breaches and their associated costs continue to grow, industry regulations become more stringent and data breach notification laws come into effect, organizations are increasingly pressured to protect Personally Identifiable Information (PII).

PII is information that can be used uniquely or with other sources to identify, contact or locate a single person. Examples of PII are: full name, social security number, IP address, license plate number, driver’s license number, credit card numbers, medical records and HR records.

The Answer

XiSecure™ On-Demand for Sensitive Data, Paymetric’s tokenization solution, affords businesses the opportunity to eliminate the storage and/or transmission of PII in enterprise systems and applications. By utilizing tokenization technology, companies can reduce the risk of a data security breach, and take advantage of the safe harbor that most breach notification laws provide to companies that secure PII. Because the solution is delivered On-demand, it is extremely affordable when compared to the investment businesses would have to make in costly encryption solutions. And your customers and employees can sleep better at night knowing their sensitive information is secure.

The Evolution of Tokenization – From Cardholder Data to PII

Tokenization was originally developed as a way for organizations to address the Payment Card Industry Data Security Standard (PCI DSS). As part of the standard, any merchant that processes, stores or transmits cardholder data is required to protect that data. Many organizations turned to encryption, a solution that proved costly and still left systems and applications vulnerable to attack. Enter stage right: tokenization.

Tokenization quickly became favored by merchants to protect stored cardholder data because it was a cost effective solution that drastically reduced their risk and liability. Security analysts and even members of card associations like Visa have further endorsed the utilization of tokenization and have correlated the adoption of the technology with “best-in-class “results.

As data breaches continued to rise, other industry regulations (like the HITECH Act for the healthcare industry) soon followed the recommendations of the PCI DSS and mandated the protection of PII. Even federal and state government has begun requiring public disclosure of breaches if reasonable measures to protect PII have not been taken.

Because tokenization is such a flexible technology, it can be easily adapted to protect any type of PII in any enterprise system or application. Paymetric’s tokenization solution is proven and has been used to secure billions of transactions for top Fortune 100, 500 and 1000 clients around the globe.

How It Works

Tokenization works by intercepting PII entered into enterprise systems or applications and replacing it with a surrogate value known as a “token.” A “token” is a unique ID created to reference the actual data associated with the encrypted data. The secured data is stored off-site in Paymetric’s secure data vault. 

¹2010 Annual Study:  Cost of Data Breach, Ponemon Institute 2010