Credit and debit card details were tokenised, which is a standard higher than encryption
Can anyone explain what this means? As far as I know, there are two ways of hiding sensitive information.
It can be stored as a hash of the plaintext, which can then only be recovered by finding a value that results in the same hash (rainbow tables). This process may be made more difficult by obfuscating the plaintext (salting). I can't see any reason why TalkTalk would store hashed card numbers, since the process is one-way, and the only point of storing the card number is to use it to apply a charge. Alternatively it can be encrypted, in which case the plaintext is recoverable, either by decryption or by breaking the cipher.
If the TalkTalk process "is a standard higher than encryption", what type of encryption is it better than? Caesar substitution? Is it a one-way process, in which case it's basically a hash, or two-way, in which case it's a cipher? Either way, they need to identify the algorithm: it's well known that knit-your-own security solutions are always feeble.