There's a lot of discussion about tokenization. To keep the issue simple  tokenization is about encrypting sensitive data to reduce PCI compliancy requirements - also there's discussion whether it actually solves anything or not. As already mentioned the key point of tokenization is reducing PCI compliance costs but there are also other aspects of it. More specifically on the way how tokenization is implemented or it is bought as a service from some service provider. Also now when some organizations are forced to change their systems and it's a great spot for redesign both for business and technical processes.

 

I will not go into details on actual tokenization but try to see the benefits from another angle. Actually I'll concentrate around customer loyalty and service areas. Gartner seems to be working around building versus buying tokenization as well but their report is still under work - interesting to see what issues it will address on. When buying PCI compliant tokenization from any vendor definitely it is more easier and maybe even cheaper but you'll lose a lot of possibilities also - more specifically some could be highly important business opportunities. Also externalization does not typically decrease headache rather than increase the need for some serious management, stress the importance of architectural design and weaken business agility.

 

Customer loyalty is important to any retail stores and some spend more than others but all in all their investments for loyalty programs are quite huge. Creating, distributing and maintaining customer cards for retail chain is not a small thing and at least I'm quite fed up about having several cards on wallet. But credit/debit card I always have with me. What if customer could be indentified for the loyalty program only with credit card from the cash register. When tokenization is built and hosted within the company it of course has a connection to authorization processor but why not integrating it with other backbone systems as well. 

 

When the organization is on control of all sales transactions, tokenization processes and managing the surrogates they can quite easily aggregate database from transactions which has the referential integrity for unique credit cards but does not contains the sensitive data. With this data they can create campaigns for consumers to register and match their credit cards with personal data. For example I could enroll all my cards - visa, amex or master - under my account and thereafter all my purchases would be stored there automatically. Even creating loyalty accounts for families or any groups would be simple. Loyalty data then creates all sorts of possibilities for focused marketing activities and consumer campaigns and I as the end customer does not have to take care of dozen of loyalty cards.

 

Important point here is also real-time connection from point-of-sales  (POS) system to enterprise line-of-business systems. If cash systems would be able to capitalize on the data received from enterprise backbone it also creates new ways to serve and engage consumers. Let's have an another example scenario. I'm flashing my credit card at cash register and POS system makes conversation with tokenization interface. It handles authorization of the card but also concurrently makes a query from loyalty system which then responds that because I'm such a good customer I get a some percent discount from my purchase. Maybe the retail store has earlier reached me with marketing pitch that if I buy any new TV within the next week I'll receive 20 percent discount at cash register.

 

To summarize this actually this post is not about tokenization or any technical details of it. This is actually about broadening the technical processes behind sales transaction handling by integrating POS's and payments systems with line-of-business systems. Especially tokenization and integration with line-of-business systems makes it possible to utilize surrogates outside the conventional payment scope and explore new opportunities.