Format Preserving Encryption, or data tokenization, is an encryption algorithm, which preserves the format of the original data set, but it replaces it with tokens that have no inherent meaning or value. With Format Preserving Encryption, you can “tokenize” sensitive data, like Social Security Numbers and Credit Card numbers, to move and store it while preserving its privacy and maintaining compliance.

FPE is a deterministic form of encryption, meaning the same input data set consistently produces the same output token. FPE is also reversible, meaning that the original data can be seen in plain text for legitimate and authorized purposes. Protocols for encryption include FF1, FF2, and FF3, with FF1 and an amended form called FF3-1 considered the most secure form.

The most common use cases for Format Preserving Encryption (FPE) are in applications where sensitive information is abundant and is transmitted and processed regularly. Industries with the most sensitive and personal data are public sector, healthcare, finance, e-commerce.

Format Preserving Encryption allows you to safeguard sensitive data of your clients and employees, while preserving its utility to the greatest extent possible for you. Because the sensitive data elements are replaced with tokens that have no intrinsic or exploitable meaning, the data can be shared, used, or analyzed to optimize and streamline your business. Thus, you can unlock your data’s full potential, while keeping sensitive and PII data secure, private, and compliant.

Format Preserving Encryption is reversible. Reversibility means that, as necessary, parties with appropriate access and privileges can safely and securely decrypt pieces of data for use. The data can be reversed from ciphertext to full or partial plain text. The functionality is preserved while protecting privacy and obeying regulatory requirements.

Data Tokenization by means of Format Preserving Encryption is an indispensable tool for achieving HIPAA compliance. HIPAA requires careful stewardship of data to maintain patient privacy, yet patient insights and innovative healthcare services need accurate and real patient data.

Format Preserving Encryption obfuscates patent data while it is processed and helps healthcare organizations hedge against the possibility of fines and breaches.

With Format Preserving Encryption, businesses can securely store and process payment information, without exposing sensitive data, hence. FPE is fundamental to PCI DSS compliance. Data tokenization by means of FPE can replace sensitive payment and cardholder data with non-sensitive tokens that match the data set, but don't hold actual information.  

Data tokenization can be applied early in the lifecycle, as soon as the payment data is ingested, to ensure that the data will be processed in a secure, private, and complaint way.  The most recent version of the PCI DSS standard, 4.0, which will take effect March 31, 2025, specifically outlines that all but the last four digits of the Primary Account Number (PAN) must be obfuscated. FPE is the solution to alter a few of the digits to comply with the standard.

There are two main approaches to Tokenization. Vaulted tokenization is a legacy approach, where the original data is mapped to a token, a unique data field representing a non-sensitive equivalent of the original data.  

The sensitive original data remains in a separate database, and every time the token needs to be reversed, it has to be referenced back to the host database. This can negatively impact performance and scalability as data volumes increase.  

Vaultless tokenization, on the other hand, does not have such overhead. Here, sensitive data is encrypted with a symmetric encryption key, and the encrypted data or token is substituted in the database table among non-sensitive data.  

These tokens can be generated with a specific format, so they can still be recognized as a social security number, credit card, email address, and so on, but have no intrinsic value anymore.

Fortanix uses vaultless encryption for FPE.