Tokenization: Opportunity and Regulation, Finding a Balance
Tokenization limits the exposure of sensitive information and makes digital transactions more secure. Whether people realize it or not, millions of Americans already use tokenization technology on a daily basis. Recent developments in blockchain systems and decentralized finance create new uses for tokenization, raising legal questions as to how existing regulatory frameworks will apply or adapt.
At its core, tokenization replaces sensitive data with non-sensitive data — a token. When transacting, a token is used in lieu of personal identifying information but contains sufficient unique features so that an individual can be linked back to a token when verification is required. For example, when a consumer uses a payment card to make a purchase, the merchant’s payment terminal doesn’t look up the buyer’s personal banking information in order to confirm identity and ability to pay. Rather, tokenization replaces the buyer’s personal information with an algorithmically randomized set of numbers which the merchant cross-checks with the token service provider (typically a bank or third party). In turn, the token service provider checks the token against its records which are stored in a token vault. Once the cardholder’s information is verified, the token service provider confirms the transaction with the merchant. Without a secret key to decryption, an intercepted token is useless outside the current transaction.
Read the full article here: https://www.natlawreview.com/article/tokenization-opportunity-and-regulation-finding-balance
