Which technique is used to secure sensitive information, such as credit card numbers, by replacing the data with a non-sensitive token?

The technique used to secure sensitive information, such as credit card numbers, by replacing the data with a non-sensitive token is tokenization. This process involves taking sensitive data and substituting it with a unique identifier or token. The original data is not stored alongside the token, making it difficult for unauthorized users to obtain the actual sensitive information, even if they gain access to the database.

Tokenization enhances data security by isolating sensitive data from the rest of the system, thus minimizing risks associated with data breaches. The token can be mapped back to the original data only through a secure mapping system, often kept in a secure environment or managed by a trusted third party. This method is particularly effective in industries that must comply with strict regulations concerning data protection, such as the Payment Card Industry Data Security Standard (PCI DSS).

In contrast, while scrubbing refers to the process of cleaning data to remove any sensitive information before it is processed or made available, it does not create a reversible substitute like tokens. Anonymization focuses broadly on ensuring that data cannot be linked back to an individual, often through irreversible processes, rather than merely substituting sensitive data. Integrity management involves maintaining and ensuring the accuracy and consistency of data rather than securing sensitive information through tokenization. Thus