Because credit card information is stored in BBPS, credit card numbers are not visible in the software applications. In each application, credit card numbers are replaced with reference tokens. The tokenized credit card numbers display as asterisks followed by the last four digits of the credit card number.
Tokens are created in a double-encrypted format. The tokens are opaque, meaning that they are created randomly and have no representation of the card number. This also means that the token cannot be run through any hacking programs, or de-crypted by the use of algorithms or any other de-crypting capabilities
The method by which card numbers are tokenized has been audited and deemed PA-DSS compliant.