By Santosh Srinivasa
Background
The payment industry has been facing the challenge of providing solutions for payments that protect against various types of frauds like counterfeit, theft, account misuse and others. The implementation of EMV chip and usage across the globe has provided protection for card-present transactions, while there is a need for something similar for the card-not-present transactions and for new environments, which combine elements from both card-present and card-not-present transactions. The payment tokenization technology promises to address this issue.
The industry has spent a lot of time working on this; Apple Pay, introduced in October 2014, used the tokenization approach provided by Visa, MC and AMEX as an answer for this. Visa is planning BIG through the NFC tokenized mobile payment approach, which will change the world of payments.
When we usually make a payment for something, we handover the card to the merchant and wish for the cards details to be safe and secure. The card details from the merchant are sent to the acquirer through a switch and reach the issuer via the card schemes for authorization.
The emergence of mobile payments has created the risk of relying on the phone itself to carry out many transactions, thereby tracking/monitoring the device for fraud prevention. The new solution will convert all the sensitive card related information to a single-use token generated by a third party system. This makes it difficult for the hackers to access any data or use it for purchases.
The concern with the merchants is of not having the PAN used for more than just the transactions; bonus/loyalty points and dispute claims. The obscuring of PAN leads to merchants not possessing important data for processing. The token service will ensure that only a portion of the PAN is masked with the first 6 digits available.
An Overview of Tokenization
Tokenization is a process where the PAN (Primary Account Number) is replaced by a surrogate value called as ‘Token’. The process is very secure with properties, making it difficult to determine the original PAN from the token. The token will be mapped to the PAN and used by other systems and applications within the environment.
The tokenization system once implemented, limits the storage of card holder data by the merchant as per the PCI-DSS compliance. The token system will generate random numbers unrelated to the used PAN to make payments. This is the technology driving the Apple Pay service, keeping the credit card details safe and secure on the mobile phone device, which cannot be transmitted. The merchants cannot see the real PAN and in case of any security breach, the customer need not apply for a new card.
Tokens and Data in Payment Cards
There are many mobile wallets available in the market like – Google, Venmo, Payfone, ISIS, CSAM and mPOS solutions, which can be considered for this service.
The tokenization solution will benefit acquirers, merchants, card issuers and card holders.
The main components in this are:
Conclusion
The security of using mobile payments with Apple Pay and Android devices is the key for the growing market. The token service will be the future, supporting the token application on the mobile device. The customers shall be satisfied with the payment applications providing this facility and will not have a clue about the token service.
Visa has already implemented the token service in the US and is looking forward to cover it worldwide in competition with the others offering NFC-HCE (Near field communication - Host card emulation) solutions for the same.
The future for online payments is mobile payments with token service.
The industry has spent a lot of time working on this; Apple Pay, introduced in October 2014, used the tokenization approach provided by Visa, MC and AMEX as an answer for this. Visa is planning BIG through the NFC tokenized mobile payment approach, which will change the world of payments.
When we usually make a payment for something, we handover the card to the merchant and wish for the cards details to be safe and secure. The card details from the merchant are sent to the acquirer through a switch and reach the issuer via the card schemes for authorization.
The emergence of mobile payments has created the risk of relying on the phone itself to carry out many transactions, thereby tracking/monitoring the device for fraud prevention. The new solution will convert all the sensitive card related information to a single-use token generated by a third party system. This makes it difficult for the hackers to access any data or use it for purchases.
The concern with the merchants is of not having the PAN used for more than just the transactions; bonus/loyalty points and dispute claims. The obscuring of PAN leads to merchants not possessing important data for processing. The token service will ensure that only a portion of the PAN is masked with the first 6 digits available.
Tokenization is a process where the PAN (Primary Account Number) is replaced by a surrogate value called as ‘Token’. The process is very secure with properties, making it difficult to determine the original PAN from the token. The token will be mapped to the PAN and used by other systems and applications within the environment.
The tokenization system once implemented, limits the storage of card holder data by the merchant as per the PCI-DSS compliance. The token system will generate random numbers unrelated to the used PAN to make payments. This is the technology driving the Apple Pay service, keeping the credit card details safe and secure on the mobile phone device, which cannot be transmitted. The merchants cannot see the real PAN and in case of any security breach, the customer need not apply for a new card.
There are many mobile wallets available in the market like – Google, Venmo, Payfone, ISIS, CSAM and mPOS solutions, which can be considered for this service.
The tokenization solution will benefit acquirers, merchants, card issuers and card holders.
The main components in this are:
- Token generation
- Token mapping
- Card data vault
- Cryptographic key management
Conclusion
The security of using mobile payments with Apple Pay and Android devices is the key for the growing market. The token service will be the future, supporting the token application on the mobile device. The customers shall be satisfied with the payment applications providing this facility and will not have a clue about the token service.
Visa has already implemented the token service in the US and is looking forward to cover it worldwide in competition with the others offering NFC-HCE (Near field communication - Host card emulation) solutions for the same.
The future for online payments is mobile payments with token service.
No comments:
Post a Comment