← Lessons

quiz vs the machine

Platinum1810

System Design

Tokenization of Card Data

Swapping a card number for a meaningless token backed by a secure vault.

5 min read · advanced · beat Platinum to climb

What tokenization is

Tokenization replaces a sensitive card number with a token: a surrogate value that carries no exploitable meaning. The real card lives only inside a hardened vault, and your systems store and pass around the token instead.

How it differs from encryption

  • Encryption is reversible with a key, so the ciphertext is still sensitive and in scope.
  • A token is just a reference; stealing it yields nothing because only the vault can map it back.

Using tokens

  • Charge by sending the token to the processor, which resolves it inside the vault.
  • Support recurring billing without ever re storing the card.
  • A leaked token database is far less damaging than leaked card numbers.

Design notes

  • Tokens can be format preserving so legacy systems accept them.
  • Restrict who can detokenize, and audit every access to the vault.

Key idea

Tokenization swaps card numbers for meaningless tokens backed by a secure vault, so a breach of your stores reveals nothing usable and most systems leave PCI scope.

Check yourself

Answer to earn rating on the learn ladder.

1. How does a token differ from encrypted card data?

2. Why is a stolen token database less damaging?