Most travel and transportation companies, such as bus, train and airline operators and hotels, have a mobile application that provides information about their services. Sequent enables all those companies to embed their smartcards into their mobile application.
Sequent Tokenization and Trust as a Service enables room-keys, tickets and in-app payments to be integrated easily, without the need for a separate “wallet application,” such that the application can retain its own user experience, look and feel when using cards.
Healthcare organizations, Covered Entities and Business Associates, can benefit significantly from the tokenization of both personally identifiable information (PII) and payment card information (PCI).
Tokenization replaces sensitive data (such as Primary Account Numbers (PANs), electronic Personal Health Information (ePHI), and Nonpublic Personal Information (NPPI)) with a unique value that is not sensitive. The non-sensitive value acts as a unique identifier and is the “token” for a sensitive record. This allows users to interact with the tokenized data directly, without having to decrypt and re-encrypt data each time they access the information.
The Healthcare Industry is a particularly high value target for cybercrime because of the prevalence of both payment and extensive personal data. Hence Healthcare entities are faced with complying with both the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) requirements.
The first benefit of tokenization is the reduction of the cost of HIPAA and PCI compliance. By implementing tokenization, the number of in-scope systems and users can be significantly reduced. The second, and possibly far greater, benefit is the reduction in risk of unauthorized access. The tokenized data, whether it be payment or PII, has no meaning or value, and therefore has very little risk associated with it. Given the never-ending specter of data breaches, regulatory penalties, and brand damage, tokenization can play a key role in mitigating the potential exploitation of customer or patient data.
IoT and Wearables
IoT and wearables present a variety of challenges in technology formats and use cases. Flexibility is important. Will the implementation be Host Card Emulation (HCE) or Secure Element (SE) based? How different are payment and identity use cases from typical mobile use cases?
In the case of payment implementations, what are the certification requirements? Sequent has a breadth of capabilities and an ability to address both hardware security (SE) and software security (HCE) requirements, as well as experience with scheme requirements (e.g. Visa and Mastercard).
Privacy mandates have become significant challenges for organizations. They come in many forms: GDPR, its predecessor the European Union Privacy Act (EUPA), LGPD in Brazil, PIPEDA in Canada, and the list goes on. Common to all is the focus on “personal data” and “personally identifiable information” (popularly referred to as PII). Tokenization of personal data and PII can help make this challenge significantly more manageable.
De-personalizing data with tokenization can reduce both the cost of audit and compliance and, most importantly, greatly mitigate the impact of breaches. Hiding or obscuring personal data is often a first consideration when it comes to complying with privacy laws. But how does one do this in a non-destructive way? Enter tokenization, which provides a form of non-destructive obfuscation. With tokenization, personal data is obscured but is recoverable via a special secure key. Consider the following example:
John Doe, 27 First St., NY 12345
Occupation: Bus Driver
If we remove the PII data from this record, it no longer contains personal data. Instead, it becomes anonymous:
Occupation: Bus Driver
This anonymous (or de-personalized) data could then be used to analyze occupations and salaries while remaining compliant with GDPR and similar laws. Tokenizing PII data items renders the personal data into meaningless groups of seemingly random characters that cannot be linked to an individual. The tokenized values can be converted back to the original values for those people with a legitimate interest in the PII data, while the PII data stays useless to everyone else.
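The record above, tokenized and recovered, as an added example that is not Sequent's code: it assumes a vault-style design in which a lookup table held by the tokenization service stands in for the "special secure key", and the class, function and role names are hypothetical.

```python
import secrets

# Record and field names taken from the example above; roles are hypothetical.
RECORD = {"name": "John Doe", "address": "27 First St., NY 12345",
          "occupation": "Bus Driver"}
PII_FIELDS = ("name", "address")


class TokenVault:
    """Holds the only mapping between tokens and the original values."""

    def __init__(self, authorized_roles):
        self._by_value = {}   # original value -> token (keeps tokens consistent)
        self._by_token = {}   # token -> original value
        self._authorized = frozenset(authorized_roles)

    def tokenize(self, value):
        # Tokens are random, not derived from the value, so they cannot be
        # reversed without the vault. A repeated value reuses its token so
        # records about the same person still group together in analytics.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(8)
            while token in self._by_token:      # regenerate on a rare collision
                token = "tok_" + secrets.token_hex(8)
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token, role):
        # Only callers with a legitimate interest may reverse a token.
        if role not in self._authorized:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]


def tokenize_record(record, vault, pii_fields=PII_FIELDS):
    """Return a copy with PII fields replaced by tokens; other fields untouched."""
    return {k: vault.tokenize(v) if k in pii_fields else v
            for k, v in record.items()}


def detokenize_record(record, vault, role, pii_fields=PII_FIELDS):
    """Restore the PII fields; raises PermissionError for unauthorized roles."""
    return {k: vault.detokenize(v, role) if k in pii_fields else v
            for k, v in record.items()}
```

In this design the vault is the one component that still holds personal data, so it is the system that access control, audit logging and compliance scope concentrate on.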