A financial services provider is reviewing their security measures to protect customer data in their mobile banking app. They seek to preserve the user experience by allowing quick look-up of transaction histories without storing sensitive cardholder data on user devices or compromising on compliance with industry payment standards. Which approach would be most appropriate for securing the cardholder data while maintaining functionality?
Utilizing encryption and storing the decryption keys securely within the app
Salting and hashing the cardholder data before storage in the app
Incorporating tokenization to substitute sensitive cardholder data with tokens within the app
Applying format-preserving encryption on the cardholder data within the app