Payment card processing system with structure preserving encryption

US10318932B2 · US · B2

Patent metadata
Publication number: US-10318932-B2
Application number: US-201113155156-A
Country: US
Kind code: B2
Filing date: Jun 7, 2011
Priority date: Jun 7, 2011
Publication date: Jun 11, 2019
Grant date: Jun 11, 2019

Abstract

Official abstract text for this publication.

A customer may provide a merchant with primary account number information in connection with a purchase transaction. The merchant may send an associated authorization request to a payment card processor. A tokenization server at the payment card processor may generate a token corresponding to the primary account number. To secure the token, the token may be encrypted at the payment card processor using a cryptographic key shared with the merchant. A structure preserving encryption algorithm may be used in encrypting the token. A processor identifier may be embedded in the encrypted version of the token during the structure preserving encryption operation. The merchant can use the shared key to decrypt the token and extract the processor identifier. A settlement request may be directed to the processor from the merchant to settle the transaction using the processor identifier.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for securing tokens in a payment system to prevent unauthorized access to the tokens, wherein the payment system comprises merchant computing equipment associated with a merchant and payment card processor computing equipment associated with a payment card processor, the method comprising:

  receiving, at the payment card processor computing equipment, an authorization request from the merchant computing equipment over a communications network, wherein the authorization request identifies a primary account number;

  generating, using a tokenization server at the payment card processor computing equipment, a token based on the primary account number;

  storing the token in a database at the payment card processor computing equipment;

  encrypting the token using structure preserving encryption computing equipment at the payment card processor computing equipment, wherein encrypting the token using the structure preserving computing equipment preserves a length of the token wherein the token has the same length as the encrypted token, wherein data stored in the token is of a first data format, which includes characters from a first character space, wherein a portion of data stored in the encrypted token is of a second data format, which includes characters from a second character space that has a greater size than the first character space, and wherein encrypting the token using the structure preserving encryption computing equipment at the payment card processor computing equipment comprises:

    encrypting an entirety of the token using a merchant-specific key associated with the merchant computing equipment; and

    embedding identifier information that identifies the payment card processor computing equipment in the portion of the data stored in the encrypted token using the merchant-specific key, wherein the portion of the data stored in the encrypted token of the second data format comprises data for the token, data for the merchant-specific key associated with the merchant computing equipment, and data for the identifier information that identifies the payment card processor computing equipment;

  providing, using the payment card processor computing equipment, the encrypted token to the merchant computing equipment over the communications network to authorize a transaction at the merchant while preventing unauthorized access to the token;

  performing, at the merchant computing equipment, a decryption process on the encrypted token to retrieve the token, wherein the embedded payment card processor identifier information is extracted from the encrypted token during the decryption process;

  identifying a particular payment card processor computing equipment based on the embedded payment card processor identifier information extracted from the encrypted token during the decryption process;

  generating, at the merchant computing equipment, a settlement request that includes the retrieved token and that requests settlement of a purchase transaction associated with the primary account number;

  providing, using the merchant computing equipment, the settlement request to the identified particular payment card processor computing equipment over the communications network;

  obtaining, using the identified particular payment card processor computing equipment, the token from the settlement request received from the merchant computing equipment;

  detokenizing, using the identified particular payment card processor computing equipment, the token obtained from the settlement request to recover the primary account number;

  settling, using settlement computing equipment at the identified particular payment card processor computing equipment, the purchase transaction using the recovered primary account number; and

  transmitting, from the identified particular payment card processor computing equipment, information identifying completion of the purchase transaction to the merchant computing equipment over the communications network in response to settling the purchase transaction using the recovered primary account number.

2. The method defined in claim 1 wherein detokenizing the token comprises using the token to retrieve the primary account number from the database.

3. The method defined in claim 1 further comprising: encrypting, using additional structure preserving computing equipment at the merchant computing equipment, an entirety of the encrypted token to generate a double-encrypted token, wherein the double-encrypted token has the same length as the encrypted token.

4. The method defined in claim 3 wherein the merchant-specific key is used by only the merchant and no other merchants and wherein encrypting the encrypted token comprises performing encryption using a key that is different from the merchant-specific key and that is used by a sub-entity of the merchant.

5. The method defined in claim 1, wherein embedding the information in the token comprises converting the information from the first data format to the second data format.

6. The method defined in claim 1, wherein the payment system further comprises a subentity of the merchant, additional merchant computing equipment associated with an additional merchant, an additional sub-entity of the additional merchant, and additional payment card processor computing equipment associated with an additional payment card processor, wherein the additional payment card processor computing equipment uses a first merchant-specific key while encrypting another token when sending the encrypted another token to the merchant computing equipment, wherein the additional payment card processor computing equipment uses a second merchant-specific key while encrypting the another token when sending the encrypted another token to the additional merchant computing equipment, and wherein the first merchant-specific key is different from the second merchant specific key.

7. A method of securing tokens in a payment card purchase transaction processing system, comprising:

  receiving, at processor computing equipment, a primary account number of a payment card from merchant computing equipment;

  generating, using the processor computing equipment, a token corresponding to the primary account number;

  encrypting, using the processor computing equipment, an entirety of the token while embedding information in the token, wherein the token has the same length as the encrypted token, wherein data stored in the token is of a first data format, which includes characters from a first character space, wherein data stored in a portion of the encrypted token is of a second data format, which includes characters from a second character space that has a greater size than the first character space, wherein the embedded information is extracted from the encrypted token during a decryption process performed at the merchant computing equipment, and wherein encrypting the entirety of the token comprises:

    encrypting, by the processor computing equipment, the entirety of the token using a merchant-specific key associated with the merchant computing equipment; and

    embedding, by the processor computing equipment, the information in the portion of the encrypted token using the merchant-specific key, wherein the information comprises identifier information that identifies the processor computing equipment;

  transmitting, using the processor computing equipment, the encrypted token having the embedded information to the merchant computing equipment over a communications network to authorize a transaction associated with the merchant computing equipment while preventing unauthorized access to the token over the communications network;

  sending, from the merchant computing equipment to the processor computing equipment, a settlement request that requests settlem

Classifications

  • Point-of-sale [POS] network systems

  • G06Q20/02 (Primary): involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]

  • Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

  • combining multiple encryption tools for a transaction

  • using an alias or single-use codes

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10318932B2 cover?
A customer may provide a merchant with primary account number information in connection with a purchase transaction. The merchant may send an associated authorization request to a payment card processor. A tokenization server at the payment card processor may generate a token corresponding to the primary account number. To secure the token, the token may be encrypted at the payment card process…
Who is the assignee on this patent?
Bower Mark F, Pauker Matthew J, Spies Terence, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06Q20/02. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 11, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).