In this post Ben Schmitt, Dwolla’s Information Security Risk Manager, explains the guiding principles and practices behind tokenization. This post is a breakdown of something very technical for our every-day user — basically, our goal is to improve your understanding of information security.
What is tokenization?
Tokenization is the concept of replacing high-value data with a reference or low-value representation of that data in a transaction. In the physical world, examples abound, think tokens at a carwash or an arcade. These physical tokens have no value in the real world — you can’t buy anything with them — but they can be redeemed to obtain access to a specific resource with a specific entity like the Skee Ball game at Chuck E. Cheese.
This concept of giving value to an otherwise value-less item has real application in the digital world, especially as it relates to security. Basically through tokenization, we’re making your sensitive, personal information less useful to a fraudster, thus improving security surrounding the data.
Guiding principles for protection
- With tokenization, sensitive payment information is removed from transactions
- Since information isn’t shared, it remains in your control
- Tokens are not long-lived, but have a definite expiration date
- Tokens can be revoked when necessary
Tokenization is a key element in securing data
A classic security approach is to classify and secure data based on value — the higher the value, the stronger the security. It makes sense, right? If something is worth more, you put it in a bigger safe with a more robust lock.
Many companies use this “ranking” strategy for sensitive data — think platform code, user information or a special engineering design. This is called Personally Identifiable Information (PII) or critical strategic information.
The value of these data elements is much higher and protection schemes must be significant and proportional to the risk of data exposure. It’s like putting on a big winter coat during a snowstorm as compared to a light rain jacket on a spring day; the risk of exposure is greater, so you need better protection.
However, an overall security strategy should do more than protect just high value data, it must also make data less valuable to an attacker where possible. This is where tokenization comes in: replacing high-value data in a financial transaction with a time-based, tokenized message.
Your sensitive information becomes represented by a token. In turn, this token is worth far less than the personal information you’ve shared, and after a short period of time, this token ceases to exist altogether.
Tokenization and Data Protection
Tokenization protects data via reference, scope, timing and cryptography — each of these elements contributes to the Dwolla security strategy. Breaking these four pieces down further, we can better understand the real value of tokenization as a protective measure.
Reference: Dwolla does not share high-value data such as a Bank Account or Routing Number for transactions with the other party.
Network Level: The Dwolla Platform uses a reference number to replace your sensitive financial data. This is referred to as an OAuth Access token, and it represents you, the user. This token acts based on the permissions you’ve given; it serves as both a reference and a guide for the actions you’ve allowed within your Dwolla Account.
Bank Level: Bank account information for users is not shared on the bank’s end. Rather, another token is created from the bank representing the bank user.
Timing: Dwolla requires that tokens have a one-hour-long expiration time frame. If a token expires, this access token must be refreshed. These time-based tokens are used to complete transactions in seconds without moving high-value data. Once the message is received, it cannot be sent again. Basically, a token has a lifespan for use. Once that lifespan is exhausted you have to ask for permission to revive it.
Scope: Tokens have a collection of authorized actions in the form of ascope. The scope contains the range of actions that can be taken. In Dwolla’s case the scope is limited to the authorizations such asTransaction Details, Balance, Send Money, Receive Money. Establishing a scope is incredibly important as it strictly limits the use of the token so it’s not used incorrectly. Going back to our Chuck E. Cheese example, basically the scope limits what the token can do. You can only buy a game at Chuck E. Cheese, but you won’t be allowed to pay for the family meal with the token — you can only do what is permitted within the scope and nothing more.
Cryptography: Tokenization goes hand-in-hand with cryptography — it’s like peanut-butter and jelly. Tokenization enlists cryptography to secure the information in transit, and uses randomization to ensure each token is unique. In Dwolla’s case strict, standards-based cryptography is in place.
At Dwolla, protecting our users and ensuring the best security possible is of the highest importance.
Originally posted: http://blog.dwolla.com/tokenization-101/
