
Tokenization

Replacing sensitive data with a non-sensitive token that has no mathematical relationship to the original.

Tokenization swaps sensitive data for a token with no mathematical relationship to the original, reversible only by looking it up in a secure vault — so a stolen token is worthless on its own. Unlike encryption, where ciphertext is derived from the data and a key, the token carries no recoverable value, which is why payment systems use it to keep actual card numbers out of application databases and shrink PCI-DSS scope.
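The vault lookup described above, as an added Python example that is not part of the original glossary entry. `TokenVault`, `store_order` and the `tok_` prefix are hypothetical names, the in-memory dicts stand in for a hardened vault service, and the card number is the widely used test value rather than a real account.

```python
import secrets


class TokenVault:
    """In-memory stand-in for a secure token vault (constructed for illustration)."""

    def __init__(self):
        self._by_token = {}  # token -> original value; exists only inside the vault
        self._by_value = {}  # original value -> token, so a repeat reuses its token

    def tokenize(self, value: str) -> str:
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # The token comes from the CSPRNG, not from the value or any key,
            # so nothing about the original can be computed from it.
            token = "tok_" + secrets.token_hex(16)
            if token not in self._by_token:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # The only way back is a lookup; an unknown token raises KeyError.
        return self._by_token[token]


def store_order(app_db: list, vault: TokenVault, customer: str, pan: str) -> None:
    """Application path: the card number goes to the vault, only the token to the DB."""
    app_db.append({"customer": customer, "card": vault.tokenize(pan)})


def demo():
    vault, app_db = TokenVault(), []
    test_pan = "4111111111111111"  # common test card number, not a real account
    store_order(app_db, vault, "alice", test_pan)
    store_order(app_db, vault, "alice", test_pan)
    stolen_copy = [dict(row) for row in app_db]  # what a copy of the app DB contains
    try:
        TokenVault().detokenize(stolen_copy[0]["card"])  # no access to the real vault
        recovered = True
    except KeyError:
        recovered = False
    return app_db, vault, recovered


if __name__ == "__main__":
    print(demo()[0], demo()[2])
```
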

