As you whip out your credit card this holiday season, you may wonder how secure your data are at the stores where you're shopping. After all, it's almost the one-year anniversary of the massive Target credit card breach, and high-profile database thefts show few signs of slowing down.
Given the consistent stream of announcements, you might be asking why merchants like Home Depot, Target and Bebe have piles of credit card account numbers that can be stolen in the first place.
What if there was a way to buy things without ever giving your credit card number to the store?
Actually, there is. It's a concept known as "tokenization."
The idea is simple. A token is an item that stands in the place of something else, as a subway token once represented the dollar it cost for a train ride. In the credit card world, tokenization means taking credit card account numbers out of merchants' hands, replacing them with strings of characters–essentially, digital tokens–that would, theoretically, be useless if stolen by criminals.
A new token can be created for each transaction, making even a one-time purchase at a small online retailer feel more secure. Or busy merchants can assign their own token to each consumer, meaning a stolen database couldn't be used at any other retailer. Only banks would know consumers' real account information.