In all of the example cases of data breaches discussed here, a method known as payment tokenization could have reduced the impact of the breach. Payment tokenization provides a mechanism that removes the need to store financial card data (or other sensitive data) at all; instead, irreversible tokens that represent that data are stored.
Tokenized data is typically associated with a credit card, which can then be linked to the token during a transaction. The important part of the tokenization process, in terms of PCI-DSS compliance, is that if the tokens are exposed, for example during a data breach, they cannot be reversed to reveal any financial card data.
Typically, data such as the PAN (primary account number) or credit card number is tokenized, but tokenization can potentially be applied to any type of personal or financial data.
“Tokenization is not the same as encryption. Whereas encryption, with the right conditions, is reversible, tokenization can never be reversed – tokenization is an irreversible process.”
PCI-DSS recommends the removal of financial card data from your systems as a best practice. Using tokenization when you handle payments goes some way towards meeting the requirements of PCI-DSS compliance. But importantly, it also provides a way to reduce the general impact of a data breach.
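As an added illustration (not code from the original article), a minimal token vault in Python: the processor-side vault issues random tokens that keep only the last four digits and are deliberately Luhn-invalid, and the merchant record holds the token alone, so a breach of the merchant store yields nothing that can be turned back into a PAN. The `TokenVault` and `merchant_record` names, and the test card number, are assumptions made for this example.

```python
import re
import secrets


def luhn_valid(digits: str) -> bool:
    """Standard Luhn check: real PANs pass it; tokens are made to fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical token service run by the payment processor, not the merchant.
    Only this object ever sees PANs; the merchant keeps nothing but tokens."""

    def __init__(self) -> None:
        self._pan_to_token: dict[str, str] = {}
        self._token_to_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        pan = re.sub(r"\D", "", pan)
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible PAN")
        if pan in self._pan_to_token:  # same card -> same token, so recurring billing works
            return self._pan_to_token[pan]
        while True:
            # Random digits replace everything but the last four (kept for display).
            # Reroll until the result fails Luhn, so a token cannot pass as a live card,
            # and is unused. The token has no mathematical relation to the PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
            if not luhn_valid(token) and token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back; there is no formula to apply to the token."""
        return self._token_to_pan[token]


def merchant_record(vault: TokenVault, customer: str, pan: str) -> dict:
    """What the merchant stores: a token and display digits, never the PAN."""
    token = vault.tokenize(pan)
    return {"customer": customer, "token": token, "last4": token[-4:]}
```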