Tokenisation of payment solves one problem for Banks but not all future attacks
As banks adopt the new best practise approach of tokenization to ensure that real card information is not passed to merchants, new risks will appear as the potential for breach is shifted upstream to new attack vectors.
Tokenization ensures sensitive customer data is never passed to the seller, greatly reducing the risk of identity theft and security breaches
Bad guys will seek the next easiest attack approach:
- Banks that haven’t adopted tokenization still have their customer card information sitting on multiple store databases.
- Tokens themselves will be subject to attack. The potential exists to intercept a token and use as a one time payment.
- Banks own networks and systems. The source of the token will be a viable attack.
- A host of other techniques will be developed by criminals.
All this to say that tokenisation is a solution for known attacks and not future attacks. Constant vigilence and research is required to stay ahead.