Research Publication

Tokenization vs. Encryption: Options for Compliance

By Adrian Lane

The paper discusses the use of tokenization for payment data, personal information, and health records. It covers two important areas of tokenization: First, the paper is one of the few critical examinations of tokenization’s suitability for compliance. There are many possible applications of tokenization, some of which make compliance easier, and others which are simply not practical. Second, the paper dispels the myth that tokenization replaces encryption – in fact tokenization and encryption compliment each other. This version has been updated to include PCI guidance on tokenization.

Download: Tokenization vs. Encryption: Options for Compliance, version 2 (PDF)

(Version 2.0; October 2012).

If you like to leave comments, and aren’t a spammer, register for the site and email us at and we’ll turn off moderation for your account.