Tokenization of Credit Card Payment Data

Tokenization of Banking Card Payment Data

Keeping sensitive payment data secure and private by encrypting with tokenization

All merchants have both an obligation and an industry mandate to protect consumers’ payment card data. Two specific vulnerability points need to be addressed where sensitive data is at risk of being intercepted or stolen:

  • Pre-authorisation (when the merchant captures a consumer’s data and it is being sent or waiting to be sent to the acquirer/processor); and
  • Post-authorisation (when the data has been sent back to the merchant with the authorisation response and placed in storage in the merchant environment)

Tokenization turns sensitive data into an unrecognizable string of characters that is unusable without the tokenization system in place and, if stolen, provides no value to cybercriminals.

Business value

Maximum Security & Compliance

  • Securely manages and stores keys and sensitive data in a single, centralized location
  • Secures any structured data set, including personally identifiable information, for comprehensive privacy compliance.
  • Personally Identifiable Information (PII) is encrypted with hardware-based 256-bit AES encryption
  • Meets compliance requirements with all relevant industry standards including Payment Card Industry standards (PCI DSS) and GDPR
  • Provides random tokens, based on a true hardware-based, FIPS-certified Random Number Generator.

Scalable and flexible

  • Allows for hierarchical user administration where dual-control is required for all sensitive operations.
  • Tokens can be generated in a wide variety of predefined formats, or in a specified custom token format
  • High Availability (HA) option, allowing multiple appliances to be integrated into a self-replicating network. Appliances may be separated geographically, allowing tokens issued by one appliance to be recovered on another.
  • Applicable to both token generation and de-tokenization.
  • Uses a simple JSON Schema with RESTful API-driven functionality.
  • Configurable network settings enable access to shared network storage for secure file storage and access.
  • Allows adding additional HSMs (including HSMs from other manufacturers), as well as viewing and managing existing HSMs within the infrastructure.
  • Offers configurable automated daily backup functions.

Regulatory Compliance Made Easy

Regulatory and industry compliant for strong user authentication, including PCI-DSS, NIST and GDPR


Remote Management

Remote Management permits appliance maintenance and configuration without requiring physical proximity


Software Simulator included

The included simulator allows for evaluation and integration testing to benchmark the best possible solution for each specific case

Deployment options

On Premise

  • Useful for centralized use cases without a requirement for scalability or remote accessibility, and for existing legacy infrastructure
  • Defined total cost of ownership
  • Complete control on hardware and software, including configuration and upgrades
  • Secured uptime in areas with unstable internet connectivity
  • Preferred choice in industry-segments where regulation imposes restrictions

In the Cloud

  • Strategic architectural fit & risk management for your high value assets
  • Provides flexibility, scalability and availability of HSM-as-a-service
  • Ideal for a multi-cloud strategy: supports multi-cloud deployments and allows for migration flexibility
  • Allows you to seamlessly work with any Cloud Service Provider
  • Easy-to-use remote management and on-site key ceremony service option
  • Full control over data through encryption key life-cycle and key administration
  • Secured data privacy through Bring-Your-Own-Key procedures

Contact us

Talk to one of our specialists and find out how Utimaco can support you today.