Much controversy has centered on the major data breaches at Target, Neiman Marcus and potentially Michaels, which affected millions of credit and debit cardholders. At the heart of this controversy and discussion lies the question: could tokenization have mitigated these attacks?
The data breaches were highly sophisticated and show how vulnerable businesses can be to cardholder data theft. They are an eye-opener to the importance of protecting cardholder data by maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Regardless of the level of sophistication, EMV would not have prevented the theft, as the malware used in the Target breach was able to take customer data beyond the point-of-sale system.
“In the case of this particular malware, encryption would have proven to be useless as well, depending on the location of the actual execution of encryption. If encryption occurs on the point-of-sale system, then this piece of malware would have been able to extract the track data prior to it being passed through the encryption method.”
Target’s best opportunity to prevent the breach would have been to have tokenization in place and to adhere to the PCI Data Security Standard by implementing additional security controls.