
Whenever developing applications that need to store personal data (e.g. credit cards), a common technique is to use tokenisation.

My understanding of the benefit is that the sensitive information in the database is represented by a 'meaningless' token making it more secure. The token-vault will contain all of the sensitive data and the corresponding tokens.

My question is, how does this actually make the data storage more secure? Instead of storing a credit card in a main database, you are literally just storing it elsewhere (the vault). Couldn't a hacker just access the vault instead of the main database and voilà, your data has been compromised?

cleverpaul

2 Answers


The more places you have sensitive information, the more places you need to ensure that you treat the information in a secure manner. In addition to the storage, you also need to ensure your sensitive information doesn't end up in log files, reports, emails etc.

If you only have credit card information in the vault, you don't need to secure your accounting system, your billing system, your mailing system etc. to ensure that you don't expose your credit card information from those.

Ebbe M. Pedersen
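To make the point of this answer concrete, here is an added example (not code from the question or either answer): a minimal, hypothetical token vault in Python next to a "main database" that only ever stores tokens. A scan of the main database dump for anything that looks like a card number comes back empty, while the same PAN can still be recovered through the vault. The class and function names, the `tok_` prefix and the sample PAN (the well-known Visa test number, constructed here, not a real card) are all assumptions for the illustration; a real vault would additionally encrypt its mapping at rest and authenticate every caller.

```python
import re
import secrets
from dataclasses import dataclass, field

# Constructed sample input: the widely published Visa test PAN, not a real card.
SAMPLE_PAN = "4111111111111111"

# Loose pattern for 13-19 digit runs, the kind of scan an attacker or a DLP
# tool would run over a database dump or a log file.
PAN_PATTERN = re.compile(r"\b\d{13,19}\b")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to confirm that a digit run really looks like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical token vault: the only component that ever holds a PAN.

    Tokens are random, so nothing about the PAN can be derived from a token;
    the vault keeps the token -> PAN mapping and is the one system that must
    be hardened (and kept in PCI DSS scope).
    """

    def __init__(self) -> None:
        self._store: dict[str, str] = {}    # token -> PAN
        self._reverse: dict[str, str] = {}  # PAN -> token, one token per card

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not luhn_ok(pan):
            raise ValueError("not a valid PAN")
        if pan in self._reverse:
            return self._reverse[pan]
        # 16 random bytes -> 32 hex chars: no structure to invert, and a
        # collision is negligibly unlikely.
        token = "tok_" + secrets.token_hex(16)
        self._store[token] = pan
        self._reverse[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]


@dataclass
class MainDatabase:
    """Everything outside the vault: billing records, customer rows, logs."""
    customers: dict[str, str] = field(default_factory=dict)  # customer id -> token
    log_lines: list[str] = field(default_factory=list)

    def store_card(self, customer_id: str, token: str) -> None:
        self.customers[customer_id] = token
        # Logging the token is harmless; logging the PAN here would not be.
        self.log_lines.append(f"stored card for {customer_id}: {token}")

    def dump(self) -> str:
        """What an attacker who owns this system walks away with."""
        rows = [f"{cid},{tok}" for cid, tok in self.customers.items()]
        return "\n".join(rows + self.log_lines)


def find_pans(text: str) -> list[str]:
    """Scan a dump for anything that passes as a card number."""
    return [m for m in PAN_PATTERN.findall(text) if luhn_ok(m)]


def demo() -> tuple[list[str], str]:
    vault = TokenVault()
    db = MainDatabase()
    token = vault.tokenize(SAMPLE_PAN)
    db.store_card("cust-42", token)
    leaked = find_pans(db.dump())        # [] : only tokens live outside the vault
    recovered = vault.detokenize(token)  # the vault alone can map a token back
    return leaked, recovered


if __name__ == "__main__":
    leaked, recovered = demo()
    print("PANs recoverable from main DB dump:", leaked)
    print("PAN recoverable via the vault:", recovered)
```

The scan over the main database dump finds nothing because a random token carries no card digits to find, which is exactly why the billing, accounting and logging systems that only see tokens drop out of the set of places that have to be locked down; the vault is a single, small target that can be isolated and audited on its own.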

The answer to your question is: if you kept all the information in your database and your infrastructure was hacked, they would quite simply get all your sensitive information. Sensitive data kept in a tokenised vault does not sit in the company's infrastructure, so if any hackers got into your infrastructure, all the hackers would get is meaningless tokens, as the secure sensitive data is kept elsewhere.