When we onboard businesses for payment processing, they commonly ask about security considerations – protecting your revenue and safeguarding your customers’ sensitive payment information are absolutely crucial to your business health.
If a security incident, payments fraud, or data breach happens at your business, you risk losing funds and – more importantly – customer trust.
Ensuring transaction security is the biggest part of what we do at Gravity. To accomplish this, we use credit card encryption and tokenization.
Below, we discuss what these are, and how they work.
What is Credit Card Encryption and How Does it Work?
Credit card encryption transforms sensitive credit card information into unreadable code during a transaction. The encrypted data can only be deciphered by a unique decryption key.
This payment protection mechanism works with the chips in modern credit cards, and is a safer payment method than the magnetic swiping mechanism.
It’s an “end-to-end” solution, meaning the payment information is protected from the point of purchase – for example, a credit card terminal – until it reaches the payment destination.
Encryption is used primarily for card-present transactions where the customer uses a physical card in-person.
Here’s how it works:
- The customer inserts their credit card at a credit card terminal.
- The credit card information gets encrypted and sent to the payment processor – in encrypted form.
- The credit card processor uses a decryption key to decrypt the data, reveal the credit card details, and authorize the transaction.
- The payment is processed and the funds are sent from the customer’s bank to the merchant’s account.
Credit cards are equipped with a chip that enables credit card encryption – also called EMV technology. Modern credit card terminals like the ones Gravity works with are EMV-enabled and have this encryption method built in.
What is Credit Card Tokenization and How Does it Work?
Credit card tokenization replaces the customer’s credit card information with a “token” – a random string of numbers. Each token is unique, ensuring that it can only be used once.
A token can represent a single credit card transaction, but it can also be used to “store” credit card information for future or recurring payments. When you add your credit card to digital wallets like Apple Pay, a tokenized version is what is actually saved.
Here’s how it works:
- The customer makes a purchase using a card-not-present method, such as an online purchase or a telephone order where they provide their credit card information.
- The credit card information is replaced by a token that represents it.
- The token is sent to the merchant’s bank.
- The merchant’s bank uses the token to request payment authorization from the credit card network (such as Mastercard or Visa).
- The credit card network presents the token to the customer’s bank.
- The customer’s bank matches the token to the customer’s bank account and verifies the transaction.
This means that even if the data is intercepted by hackers along the way, they would only be able to see the token – which would be useless to them. The actual credit card information always remains at the customer’s bank.
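As an added illustration (not Gravity's code and not part of the original article), here is a minimal Python model of the token flow above, showing why an intercepted token is useless outside the party that issued it. The TokenVault class, its method names and the single_use flag are assumptions made for this example, and the vault stands in for whichever party holds the real card number.

```python
import secrets


class TokenVault:
    """Constructed stand-in for the party that keeps the real card numbers."""

    def __init__(self):
        self._records = {}  # token -> record; this mapping never leaves the vault

    def tokenize(self, pan: str, single_use: bool = True) -> str:
        # The token comes from a CSPRNG and is not computed from the card
        # number, so no key or algorithm turns it back into the card number.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
            if token != pan and token not in self._records:
                break
        self._records[token] = {"pan": pan, "single_use": single_use, "used": False}
        return token

    def authorize(self, token: str, amount_cents: int) -> str:
        record = self._records.get(token)
        if record is None:
            return "declined: unknown token"
        if record["single_use"] and record["used"]:
            return "declined: token already used"
        record["used"] = True
        # Only here, inside the vault, is the token matched to the real card.
        return f"approved: {amount_cents} cents on card ending {record['pan'][-4:]}"


def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # well-known test card number, not a real account
    one_time = vault.tokenize(pan)                  # token for a single purchase
    stored = vault.tokenize(pan, single_use=False)  # card on file / recurring
    return {
        "tokens_differ": one_time != stored,
        "first_use": vault.authorize(one_time, 2500),
        "replay": vault.authorize(one_time, 2500),   # captured token re-sent
        "recurring": [vault.authorize(stored, 999) for _ in range(3)],
        "forged": vault.authorize("forged-token-value", 2500),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The merchant side only ever handles the strings returned by tokenize; a single-use token that is captured and replayed is declined, while the stored token keeps working for recurring charges.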
Tokenization can be implemented for all of the popular credit card payment methods that are used today and it’s the recommended security protocol for safely processing transactions where the physical card is not present.
It works with:
- Mobile wallets like Apple Pay.
- Contactless payments using NFC technology.
- Online credit card payments – including storing tokenized versions of the customer’s credit card information for future transactions.
- Recurring payments.
- Credit card payments made via text to pay or a virtual payment terminal.
- Mail Order/Telephone Order payments.
Tokenization vs. Encryption
The main difference between credit card tokenization and encryption is that encryption is reversible, and tokenization isn’t.
With encryption, credit card payment information is encoded and must be decoded back into the real payment information using an encryption key in order to finalize the payment. This method is used primarily for transactions where the physical card is inserted into a credit card terminal.
With tokenization, the sensitive information is replaced altogether by a token that represents it, but is meaningless on its own and can’t be reverse engineered into the original data. This method is used primarily for transactions where the card isn’t present.
At Gravity, we use both credit card tokenization and encryption to ensure safe credit card processing with any payment method.
Accept Credit Card Payments Safely with Gravity
Security is one of the most important aspects of payment processing – so much so, that the credit card industry created a set of standards that governs it. It’s called PCI compliance, and anyone who accepts credit cards must follow the PCI rules.
With protection mechanisms like credit card encryption and tokenization, your payment infrastructure is as bulletproof as it gets – and it’s a key aspect of compliance.
At Gravity, we provide a white glove setup and make sure that encryption and tokenization best practices are used at all times – so you don’t have to worry about payments fraud and hackers, and can focus on growing your business.