* Posts by Tiger Bay Cyber

2 publicly visible posts • joined 23 Oct 2015

TalkTalk offers customer £30.20 'final settlement' after crims nick £3,500

Tiger Bay Cyber

Tokenisation

Tokenisation means that somewhere there is a Service that handles the tokenisation requests from TalkTalk applications; the service maps the Cardholder's Primary Account Number to a Token. This mapping will be held in a secure Token Vault. If you have the right permissions, you can ask the Tokenisation Service to detokenise the PAN e.g. back to the original 16-digit number on the front of the card.

The key question for me is: was this a Tokenisation Service run by TalkTalk? Or implemented by their payment provider or Bank / Acquirer? If it is managed by a competent third party then TalkTalk applications would be unlikely to be able to ask for a PAN to be detokenised.

I do not see Tokenisation being better than Encryption; it offers similar protection but in a different way, and poor implementation can screw both up.
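The arrangement described in the post above, as an added example that is not part of the original post: a toy in-memory token vault where any application may tokenise a PAN but only a permitted caller may detokenise it. The caller names, the choice to keep the last four digits, and the in-memory storage are assumptions made for illustration.

```python
import secrets

class TokenVault:
    """Toy tokenisation service: maps a PAN to a random token held in a vault."""

    def __init__(self, detokenise_allowed):
        self._allowed = set(detokenise_allowed)  # callers permitted to detokenise
        self._by_token = {}                      # token -> PAN (the "vault")
        self._by_pan = {}                        # PAN -> token, so repeats reuse a token
        self.audit = []                          # (caller, action, outcome)

    def tokenise(self, caller, pan):
        if not (pan.isdigit() and len(pan) == 16):
            raise ValueError("expected a 16-digit PAN")
        token = self._by_pan.get(pan)
        if token is None:
            # Random digits: the token has no mathematical link to the PAN,
            # unlike ciphertext, so there is no key that reverses it.
            # Assumption: last four digits are kept for display purposes.
            while True:
                body = "".join(secrets.choice("0123456789") for _ in range(12))
                token = body + pan[-4:]
                if token != pan and token not in self._by_token:
                    break
            self._by_token[token] = pan
            self._by_pan[pan] = token
        self.audit.append((caller, "tokenise", "ok"))
        return token

    def detokenise(self, caller, token):
        # The permission check is the whole control: whoever passes it gets the PAN.
        if caller not in self._allowed:
            self.audit.append((caller, "detokenise", "denied"))
            raise PermissionError(f"{caller} may not detokenise")
        pan = self._by_token[token]
        self.audit.append((caller, "detokenise", "ok"))
        return pan

def demo():
    # Hypothetical callers: the merchant's billing app and the acquirer's settlement job.
    vault = TokenVault(detokenise_allowed={"acquirer-settlement"})
    pan = "4111111111111111"  # constructed test number, not a real card
    token = vault.tokenise("billing-app", pan)
    try:
        vault.detokenise("billing-app", token)
        app_result = "pan returned"
    except PermissionError:
        app_result = "denied"
    return token, app_result, vault.detokenise("acquirer-settlement", token), vault.audit
```

If the merchant's own application were added to `detokenise_allowed`, a compromise of that application would yield PANs just as a leaked decryption key would.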

TalkTalk: Hackers may have nicked personal, banking info on 4 million Brits

Tiger Bay Cyber

New EU Data Protection Regulation

The draft EU Data Protection Regulation should sort that out: €100M or 5% of global turnover fine for a serious breach (assuming this does not get watered down in the behind-the-scenes horse-trading / lobbying).