2. What is Tokenized Sending?
What is required to implement?
What SFMC features are not supported?
How is it provisioned and configured?
How is it sold?
How is it supported?
Resources
FAQ
Agenda
4. Tokenized Sending is a method for protecting sensitive customer data by not storing this data in
the SFMC.
Customers can still...
● Send personalized messages
● Use Tracking and Reporting
● Create Journeys, Events, Activities
● Segment, filter, and make decisions on data in the SFMC.
Tokenized Sending
5. Account-wide implementation (Parent + Child BUs)
Must have a Marketing Cloud Edition
Currently in Early Adopter Program (EAP)
Generally Available (GA) Sept 30
Details
6. Government laws or regulations
Corporate security policies
Reacting to data breach events
Market Drivers
Overview
7. Sensitive data – any single piece or combination of data a customer deems Personally Identifiable
Information (PII) or Protected Health Information (PHI).
Token – a value that represents a single piece or collection of subscriber/contact attributes.
“In the clear” or “plain text” – Data that is comprehendible, pre encryption/tokenization and post
decryption/de-tokenization.
Buzzwords
Overview
8. Protection through all application layers
User Interface
Database
Files on disk
Masked Data
Encrypted DB
Tokenized
Sending
Encrypted Data Sending
Note: Masked Data, Encrypted Data Sending, and Tokenized Sending cannot be provisioned together in the same account.
9. Breach events
Tokenized Sending Encrypted Data Sending
(Field-level)
Masked Data
(Obfuscated)
Encrypted Database
Unauthorized user sees clear data in
the UI
Unauthorized user accesses data in
the DB
Unauthorized user gains access to
the Key
Unauthorized user exports clear data
Hard drive stolen
Note: Masked Data, Encrypted Data Sending, and Tokenized Sending cannot be provisioned together in the same account.
10. Data Extension Fields
Tokenized Sending
SubscriberKey EmailAddress MobileNumber FirstName PerfLang DOB State
111aaa234 2344@token.com 000000256 English
111bbb567 987@token.com 000005250 Spanish
111ccc890 21067@token.com 000000091 French
SubscriberKey EmailAddress MobileNumber FirstName PerfLang DOB State
111aaa234 joewalker@gmail.com 987-555-8888 Joe English 04/15/1990 CA
111bbb567 ashleyt@hotmail.com 407-333-1111 Ashley Spanish 04/15/1990 TX
111ccc890 esmith2@aol.com 650-222-9999 Evan French 01/09/1995 MI
Data in a clear state
Data is tokenized
12. SMS Inbound Message Handling
Mobile Originated (MO) message flow
Aggregator
SFMC
Inbound
Processing
Customer
MobileConnect
Processing
Subscriber sends a
message to a private
short/long code
No Token
Queue
Get
Token
API
Extract
automation
Customer
If we do not get a token,
MO is queued and files
are extracted for
customer to process.
(hourly, daily, tbd)
If clear phone number is
exchanged for a token,
MO is passed to MC for
processing. 15
4
2
3
5
14. Build a Resolve Token API for SFMC to resolve tokens at send time, per our API spec.
Build a Get Token API for SFMC to create tokens for inbound SMS (MO), per our API spec.
Handle up to 50 simultaneous connections.
Must be able to resolve up to 500 token per connection (request).
Monitoring their server and connection.
Test their APIs before sending, using our testing harness.
Customer responsibility
Integration
15. Must create tokens and maintain the token-to-contact relationship.
Must start with no data in the account or else data will need to be converted.
Must use an email token for Email messaging - formatted like an email address.
Must use a mobile token for SMS messaging - 15 characters alphanumeric.
Must have a private SMS long or short code. (MobileConnect)
Must store at least a subscriber key and an email token or mobile token, per subscriber.
Must be able to extract messages when we cannot get a token during the SMS MO flow.
Customer responsibility
Required Data
17.
SF Integration / Connector, MobilePush, GroupConnect
Journey Builder Activities when decisioning criteria is not stored
Segmentation, Filtering, and Queries using criteria not stored
Sending Service-level Agreement (SLA)
Combined with Encrypted Data Sending (field-level encryption) and Obfuscation
***Existing accounts - require a data conversion
Not Supported
18. How is it Provisioned and Configured?
Tokenized Sending Global Launch
19. 1. Order is completed by AE
2. Customer builds the Resolve Token API and Get Token API (SMS MO)
3. Account is provisioned and configured for Tokenized Sending
4. Customer whitelists stack IPs
5. Customer tests their APIs
6. Customer executes a test send
7. Customer begins production sending
Process
20. Account is configured/setup like any other new account
Data sources should use the same schema and field names as the customers data warehouse.
Business Rule enabled using correct Data and Quality details (Support task)
Endpoint and auth credentials for each API is configured in Manage (Support task)
Provisioning and account config
21. How is it Sold?
Tokenized Sending Global Launch
22. The “What if…” scenario
Most clouds have security methods to prevent malicious users from getting into their cloud.
Some clouds also have security methods to prevent their own users from accessing data.
Few clouds have the answer to, “What if a hacker or unauthorized user gets to the data?”
Tokenized Sending is SFMC’s answers to, the “What if…”
Positioning
24. Become the expert by asking questions.
Don’t settle for, “that’s what security told me.”
What are the underlying reasons for protecting data?
What data needs to be protected?
Dig into the use cases.
Conversation Tips
25. How is it Supported?
Tokenized Sending Global Launch
26. Typical Support Requests
Here are things you need to be conscious of when a customer contacts Support:
Before sending - Token APIs
● Connection issue
● Improperly constructed payload
● Reference the Resolve and Get Token API specs
Sending job errors (contact Support)
● Diagnosed like any other account
● Reference Tokenized Sending Support FAQ doc
28. Resolve Token API specification is used for resolving Email and Mobile Phone tokens at send
time.
Testing Harness is a service for customers to test their connection and validate the payload format
for their new Resolve Token API.
Get Token API specification is used for creating tokens when an SMS MO comes into the Platform
with a clear mobile phone number.
Resources