Data protection with translation

What is claimed is: 1. A computer-implemented method comprising: receiving, by a payment processing network computer from a host server, an authorization request message for a transaction, wherein the authorization request message includes an encrypted personal identification number (PIN) encrypted using a first zone encryption key and encrypted sensitive data encrypted using a second zone encryption key, wherein the first zone encryption key and the second zone encryption key are associated with the payment processing network computer, unique from each other, and both derived from an initial key derived from a base derivation key that is associated with a key serial number; decrypting, by the payment processing network computer, the encrypted PIN using a first zone decryption key; decrypting, by the payment processing network computer, the encrypted sensitive data using a second zone decryption key; verifying, by the payment processing network computer, the decrypted sensitive data and the decrypted PIN; and based on the verified decrypted sensitive data and PIN, performing authorization processing for the transaction, including transmitting an authorization response message to the host server, the authorization response message indicating whether the transaction is approved, wherein the first zone encryption key and the second zone encryption key are selected from a set of zone encryption keys based on a determination that the authorization request message is to be routed to the payment processing network computer, of a plurality of potential payment processing network computers, based on the decrypted sensitive data, and wherein a third zone encryption key and a fourth zone encryption key are associated with a second payment processing network computer and used for encryption when routing a second authorization request message to the second payment processing network computer, and wherein the second payment processing network computer uses a third zone decryption key and a fourth zone decryption key to decrypt and validate a second sensitive data and a second PIN, respectively, for a second transaction, wherein the host server: received the sensitive data and the PIN encrypted in a first format, wherein the PIN and the sensitive data are encrypted using Triple DES Encryption Algorithm (TDEA), derived the initial key from the base derivation key, generated a first derived decryption key and a second derived decryption key from the initial key according to a derived unique key per transaction (DUKPT) key management scheme, decrypted the PIN using the first derived decryption key, and decrypted the sensitive data using the second derived decryption key, prior to re-encrypting the PIN using the first zone encryption key and re-encrypting the sensitive data using the second zone encryption key. 2. The method of claim 1 , wherein the sensitive data includes a primary account number (PAN) identifying an account. 3. The method of claim 2 , wherein the sensitive data further includes at least one of a cardholder name, a cardholder address, and discretionary data, and wherein a subset of discretionary data remains unencrypted when discretionary data is included in encrypted sensitive data. 4. The method of claim 2 , wherein performing authorization processing for the transaction further comprises: determining, by the payment processing network computer, whether the transaction is authorized; and generating, by the payment processing network computer, the authorization response message indicating whether the transaction is authorized. 5. The method of claim 1 , wherein an encrypted primary account number (PAN) is written to a PAN field of the authorization request message, wherein the encrypted PAN has a same format as the PAN. 6. The method of claim 1 , further comprising: performing, by the payment processing network computer, a clearing and settlement process for the transaction. 7. A payment processing network computer comprising: a processor; and a non-transitory computer-readable medium coupled to the processor and comprising instructions executable by the processor to perform steps comprising: receiving an authorization request message for a transaction from a host server, wherein the authorization request message includes an encrypted personal identification number (PIN) encrypted using a first zone encryption key and encrypted sensitive data encrypted using a second zone encryption key, wherein the first zone encryption key and the second zone encryption key are associated with the payment processing network computer, unique from each other, and both derived from an initial key derived from a base derivation key; decrypting the encrypted PIN using a first zone decryption key; decrypting the encrypted sensitive data using a second zone decryption key; verifying the decrypted sensitive data and the decrypted PIN; and based on the verified decrypted sensitive data and PIN, performing authorization processing for the transaction, including transmitting an authorization response message to the host server, the authorization response message indicating whether the transaction is approved, wherein the first zone encryption key and the second zone encryption key are selected from a set of zone encryption keys based on a determination that the authorization request message is to be routed to the payment processing network computer, of a plurality of potential payment processing network computers, based on the decrypted sensitive data, and wherein a third zone encryption key and a fourth zone encryption key are associated with a second payment processing network computer and used for encryption when routing a second authorization request message to the second payment processing network computer, and wherein the second payment processing network computer uses a third zone decryption key and a fourth zone decryption key to decrypt and validate a second sensitive data and a second PIN, respectively, for a second transaction, wherein the host server: received the sensitive data and the PIN encrypted in a first format, wherein the PIN and the sensitive data are encrypted using Triple DES Encryption Algorithm (TDEA), derived the initial key from the base derivation key, generated a first derived decryption key and a second derived decryption key from the initial key according to a derived unique key per transaction (DUKPT) key management scheme, decrypted the PIN using the first derived decryption key, and decrypted the sensitive data using the second derived decryption key, prior to re-encrypting the PIN using the first zone encryption key and re-encrypting the sensitive data using the second zone encryption key. 8. The payment processing network computer of claim 7 , wherein the sensitive data includes a primary account number (PAN) identifying an account. 9. The payment processing network computer of claim 8 , wherein the sensitive data further includes at least one of a cardholder name, a cardholder address, and discretionary data, and wherein a subset of discretionary data remains unencrypted when discretionary data is included in encrypted sensitive data. 10. The payment processing network computer of claim 7 , wherein performing authorization processing for the transaction further comprises: determining whether the transaction is authorized. 11. The payment processing network computer of claim 10 , wherein performing authorization processing for the transaction further comprises: generating the authorization response message based on determining whether the transaction is authorized. 12. The payment processing network computer of claim 7 , wherei