Tokenization can be defined as ‘the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token that has no extrinsic or exploitable meaning or value’.

by Morten Lilbæk Pedersen

Tokenization is not a new concept - it has origins dating back thousands of years. Historically, when someone has needed to protect a currency or a valuable item during a transaction, they’ve used tokenization by replacing that currency or item with something representative that’s less valuable. A good example of this today is the use of casino chips as a substitute for real money.

When dealing with payment cards in today’s business environment, the looming spectre of a cyber attack is something that could, and should, prey on one’s mind. Losing a SAP Business One database that contains payment card details is the worst case scenario for many businesses as it can ultimately lead to your customers’ card information exploited by criminals.

Tokenization, as used by most major payment gateways, digitally converts sensitive data to a representative token that has no value outside a specific gateway system. When a gateway provides a tokenization service, the gateway system must be secured and validated using security best practices applicable to sensitive payment card data protection, secure storage, audit, authentication and authorization. This is all handled by, and the responsibility of, the payment gateway, thus dramatically reducing the security requirements and responsibilities for businesses using that tokenization service. As such, tokenization is an excellent way to secure data that stored in a system.

Tokenization vs. Encryption

A common misconception is that tokenization and encryption are essentially the same thing. In fact, tokenization and encryption protect data in a very different way.
Encryption is the process of taking data and encrypting it into an unreadable format. While encryption does provide a substantial layer of protection against unauthorized viewing of this data, the data needs to be decryptable so it can be returned to the original format. This is indeed the case with solutions that encrypt payment card data in the database as they need to be able to reverse the encryption and extract the card number when processing transactions. If you have the correct key, you are able to decrypt the data and reveal the card numbers. This weakness has led hackers to develop sophisticated programs that enable them to untangle the encrypted data which was previously considered unbreakable.


In contrast, tokenization replaces sensitive payment data with a token that cannot be mathematically reversed back to the original data.

How does B1 iPayment for SAP Business One tackle tokenization and payment card processing?

B1 iPayment relies heavily on gateway tokenization, and as such it provides substantial protection to customers and businesses alike. Should a data breach occur the database would only yield unusable tokens to the hackers involved. These tokens cannot be transformed back into payment card details, and as such are completely useless to the unlucky fraudsters.

The attached image below describes the way that B1 iPayment works

B1 iPayment process for SAP Business One

As depicted here, only a token generated by the gateway is stored in the SAP Business One database, and no sensitive payment card data is stored at all. This results in enhanced security, as no one is able to obtain the payment card number after it has been submitted to the gateway. B1 iPayment uses the token to keep track of the transaction and handle authorizations, settlements and refunds.
The Future of Tokenization

The PCI Security Standards Council strongly advocates the benefits that tokenization brings to companies that process payment cards. If you choose B1 iPayment as your SAP Business One payment card solution, you can rest assured that you’re getting a future-proof payment card solution that uses the latest technologies to prevent data theft, and dramatically reduces the risk of your customers’ payment card information ending up in the hands of criminals.

If you'd like to arrange a demo of B1 iPayment then please get in touch with sales@slet-dette.boyum-it.com

en.wikipedia.org/wiki/Tokenization_(data_security)