Data masking

Another method that can be used to render data unusable but recognizable is data masking. This method is commonly used in processes where there is human interaction. An example would be looking at your stored credit card information at an online retailer. Typically, your credit card number will be masked (replaced with a series of asterisks) except for the last four digits, so you can identify the stored card without divulging the full number. This is done so that if your account is compromised, the number is not there to be stolen and used for fraudulent purchases. A similar result can be achieved with database views and specialized encryption solutions, which enforce least privilege and grant access only on a need-to-know basis.

This solution has pros and cons that should be considered before selecting it as a method to protect sensitive data. As implemented in a database, masking is simply a view presented over the original data, which remains intact and viewable by database administrators. While the solution does provide some protection, it is not at the same level as tokenization, encryption, or hashing. A pro to this solution is the relative ease of implementation. Since the actual data is not manipulated, the challenges introduced by the other methods are not present. Since there is no encryption or hashing involved, no additional processing power, application changes, or key management are required.
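The database-view form of masking described above, as an added example that is not from the original text. It uses Python's built-in sqlite3 module with a hypothetical cards table, a hypothetical cards_masked view and constructed test card numbers, and shows that the base table still returns the full number to anyone who can query it directly.

```python
import sqlite3

# Constructed sample data: standard test card numbers, not real accounts.
SAMPLE_CARDS = [
    (1, "alice", "4111111111111111"),
    (2, "bob", "5555555555554444"),
]


def build_db():
    """Create an in-memory database with a base table and a masked view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, holder TEXT, pan TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?, ?)", SAMPLE_CARDS)
    # The view replaces everything except the last four digits with asterisks.
    # The stored value in the base table is not changed in any way.
    conn.execute("""
        CREATE VIEW cards_masked AS
        SELECT id, holder,
               substr('****************', 1, max(length(pan) - 4, 0))
               || substr(pan, -4) AS pan
        FROM cards
    """)
    return conn


def masked_rows(conn):
    """What a user limited to the view sees."""
    return conn.execute("SELECT holder, pan FROM cards_masked ORDER BY id").fetchall()


def raw_rows(conn):
    """What anyone with access to the base table (e.g. a DBA) sees."""
    return conn.execute("SELECT holder, pan FROM cards ORDER BY id").fetchall()


if __name__ == "__main__":
    db = build_db()
    print("view :", masked_rows(db))
    print("table:", raw_rows(db))
```

SQLite has no per-object permissions, so the restriction that keeps ordinary users on the view and off the base table is assumed to come from the database engine's own access controls in a real deployment.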

Masking should only be considered for viewing restrictions in systems and log output; it is not truly a data protection method.
