Companies pay dearly for data breaches that allow customers' credit card numbers to fall into the wrong hands. At the same time, complying with the security standards established by the credit card industry can carry a hefty price tag. Some businesses have decided that the safest and cheapest way to deal with credit card data is to eliminate it. They are using tokenization, a process in which a credit card number is replaced with a substitute number, called a token, that can't be linked back to the original card number. The credit card numbers may be held by the tokenization vendor or stored in one central, secure location at the company.
Jeff Abrams, continuous improvement process manager at Hill-Rom Holdings, a $1.3 billion manufacturer of hospital beds and other medical equipment in Batesville, Ind., says the need to comply with the Payment Card Industry Data Security Standard (PCI DSS) drove the company's adoption of tokenization.