Digital payments were on the rise well before the start of COVID-19, but the impact of remote working has catapulted a massive shift to digital around the world. The global pandemic has changed the way we live, work and shop — and digital payments have allowed us both necessities and conveniences when we need them most.
In 2017, the global mobile wallets market was worth $368 billion. In the next two years, the value jumped over $745.7 billion. Statistics indicate the unified market is expected to double by 2023, growing by 28.1% to $2.1 trillion value, in terms of compound annual growth rate. Key players are Apple Pay, Google Pay, PayPal, Samsung Pay, Venmo, and Lemon Wallet.
According to Techcrunch.com, 'consumer online spending is up globally, with spend per active card-not-present cardholder up by over 25% in April 2020, compared to January'. With this meteoric rise, comes the potential for increased fraud in a world full of hackers trying to steal personal data.
The use of tokens in the digital world came about as a means of replacing sensitive data with a non-sensitive digital equivalent. Digital tokenization was first introduced by TrustCommerce in 2001 as a means of protecting credit card information.
Before tokenization, merchants would store sensitive credit card information on their own servers, which meant that anyone with access to the system could view potentially sensitive information.
Tokenization replaces the Primary Account Number (PAN) with randomized numbers, called tokens, which merchants can reference to allow TrustCommerce to process the payment on their behalf. This process ensures sensitive data is protected from unauthorised sources. Payment tokenization is non-reversible and increases the security of sensitive cardholder data.
Here’s how payment tokenization helps protect consumers who use tokenizing as a part of their payments, subscription billing and recurring payments methods.
Once you have taken a picture of your payment card and the card data is loaded into your iPhone, Apple sends the details to the card’s issuing bank or network. This replaces payment card details with a series of randomly generated numbers (or pay tokens). That random number is sent back to Apple, which programs it into the phone. This means that the number stored on the phone can’t be extracted into anything valuable to fraudsters.
In Android Pay, tokenization works in a similar way. Once your card information has been loaded into the app, Google creates a pay token to represent your account number. This makes it almost impossible for anyone to hack your account and access your actual credit card information.
When you buy something directly from an app on your phone - like clothes, books, furniture or concert tickets, if your phone contains a token, none of these apps have access to your credit card details. Essentially, your bank information is locked and inaccessible to fraudsters. Checking out is also easier, as most apps link directly to your stored delivery information.
Online shopping activities are also protected by tokenization. Stores that use card tokenization may never actually see or store the sensitive data, but if someone does gain illegal access to the system, they will only see randomized tokens.
The other great thing about tokenization is that your tokens are different at each online retailer, so in the event of a security breach, all tokens issued to that website will be disabled, alleviating the need for customers to replace their card.
The lifecycle of tokenization begins when the customer attempts to load a card onto their device.
Step 1 | The Token Request sends a cardholder PAN to the token vault. (i.e. a request) |
Step 2 | The issuer performs identification and verification (ID&V) and passes those results to the vault. This is known as "binding." This completes the payment token registration. ID&V ensures that the payment token is replacing a PAN that was legitimately being used by the token requestor. ID&V is performed each time a payment token is requested. |
Step 3 | As part of the Payment Token Evaluation Request Process, the token vault alerts the issue that D&V is needed. |
Step 4 | The token vault passes the registered payment token to the token requestor, completing the payment process token request. |
Source: TSYS Tokenization FAW & General Information
|
In the authorization or transaction process, the challenge is to integrate smoothly into the existing payment flow. When the device is used at a terminal, only a token is delivered to the acquirer, not the actual card number.
The transaction needs to be switched via the acquirer to the token provider where the card number will be retrieved and forwarded to the issuer. At this stage, depending on the provider, other information may be appended to the transaction to give more visibility into other key metrics like the wallet type (Apple, Android, Samsung).
The transaction flows back via the same path. Some companies are both acquirer and issuer, and want to track the whole flow of the transaction.
This includes the first step when the token is delivered to the acquirer, through to the issuer, with the results of the transaction.
Step 1 | The cardholder initiates with a payment token, which then passes through the merchant acquires as if it were PAN. |
Step 2 | The payment token is de-tokenized into a PAN by the Token Service Proverder (TSP). |
Step 3 | The PAN and token are sent to the issuer, which makes an authorisation decision. |
Step 4 | The issuer sends that PAN and authorisation response back to the TSP. |
Step 5 | The TSP pre-tokenized the PAN. |
Step 6 | The TSP sends the PAN and authorisation response through the acquirer to the important merchant. |
Source: TSYS Tokenization FAW & General Information
|
The payments industry is evolving at lightning speed, with the continuous introduction of new technologies . How can businesses effectively manage booming transactions volumes, emerging technologies, regulatory challenges and higher customer expectations, as well as the ever-increasing risk of fraud? Tokenization now has a firm foothold in the payments space. Without comprehensive performance management, monitoring and troubleshooting your entire payments ecosystem, the gap between technology and banking widens for financial institutions, merchants and acquirers.
IR's Transact suite of solutions simplify the complexity of managing modern payments ecosystems. Bringing real-time visibility to your entire payments environment, Transact uncovers unparalleled insights into transactions and trends to help you streamline the payments experience, turn data into intelligence and assure the payments that keep you in business.
IR's Transact suite of solutions simplify the complexity of managing modern payments ecosystems. With the increased use of card tokenization, bringing real-time visibility to your entire payments environment, Transact uncovers unparalleled insights into transactions and trends to help you streamline the payments experience, turn data into intelligence and assure the payments that keep you in business.
You may download this checklist by clicking the button below