Tokens are created in a double-encrypted format. The tokens are opaque, meaning that they are created randomly and have no representation of the card number. This also means that the token cannot be run through any hacking programs, or de-crypted by the use of algorithms or any other de-crypting capabilities

The method by which card numbers are tokenized has been audited and deemed PA-DSS compliant.