CardConnect secures patents on tokenisation

Source: CardConnect

CardConnect, a fast-growing provider of payment processing and technology services, today announced that it has been awarded two patents on tokenization technology from the United States Patent and Trademark Office.

The two patents -- U.S. Patent 8584251 and U.S. Patent 8763142 -- were awarded to CardConnect in November 2013 and June 2014, respectively.

Tokenization is a data security process that encrypts sensitive information -- such as a consumer's payment card data or personally identifiable information (PII) -- and replaces it with a mathematically irreversible token. The token has no algorithmic relationship to the original piece of data, meaning it cannot be unlocked with a decryption code.

Patent 8584251 covers systems, methods and software used for performing tokenization. Patent 8763142 covers browser-based systems, methods and software used for performing tokenization, as well as hardware-based systems, methods and software used in tokenization -- such as EMV-ready payment terminals that use point-to-point encryption (P2PE).

"These two patents are the result of CardConnect's commitment to inventing technologies that truly change the payments industry for the better, making merchants and consumers alike more secure," said Jeff Shanahan, President and CEO at CardConnect.

Both patented technologies, which CardConnect offers through its CardSecure solution and PanPad device, have been well-received by the company's 50,000 U.S. merchants.

"In the last year alone, an enormous amount of cardholder information has gotten into the wrong hands simply because businesses cannot protect raw card data," said Rush Taggart, Chief Security Officer at CardConnect who played an integral role in the invention of and application for both patents. "Now more than ever, tokenization, coupled with point-to-point encryption and EMV, will help us all avoid catastrophic data breaches and ensure that our most sensitive information remains protected."

In addition to protecting confidential information, tokenization also reduces or entirely removes systems from the scope of PCI compliance -- a set of rules set forth by the Payment Card Industry Security Standards Council -- because it removes all real touch points with actual card numbers.

Comments: (0)