Answers to Your Questions about Tokenization
For many financial institutions, the announcement of a new mobile payments service from Apple® prompts more questions than answers. Many of those questions involve tokenization, which enhances the security of online and mobile transactions by replacing sensitive payment account information, such as 16-digit card numbers, with digital account numbers called tokens.
Tokenization capabilities are required for cards to be used through Apple Pay™, which enables mobile payments in-person at the point of sale, and in-app when the application is integrated with the Apple Pay solution. Fiserv has been working with Apple, Visa® and MasterCard® to ensure clients have the ability to tokenize their card programs, and recently announced it has expanded its mobile payments portfolio to include tokenization capabilities.
The Point asked Allison Edwards, director of product delivery and support, Card Services, Fiserv, about tokenization and its potential impact on mobile payments.
How does tokenization work?
Tokenization replaces the traditional payment card account number (PAN) with a unique string of digital numbers, or token. Because tokens replace PAN numbers, sensitive account information is never shared. Tokens can be used for mobile proximity payments at a physical point of sale, mobile remote payments such as in-app purchases and in the future for e-commerce transactions. The entire process happens in the background in a way that is invisible to the consumer. For greater flexibility, consumers can restrict transactions for a specific mobile device, merchant or transaction type.
What are the advantages of tokenization?
Tokens help prevent payment fraud by turning sensitive account information into cryptograms that are only enabled when additional layers of security and authentication are provided. If there's a data breach at a store using tokenization, criminals will likely only get useless information. For added convenience, tokens can easily be turned off without canceling a card. Tokenization enhances transaction efficiency and security, and provides a secure method for enabling payments through mobile wallets and near-field communication (NFC). Consumers benefit from peace of mind and a simplified purchasing experience when shopping on a smartphone or tablet.
How will tokenization impact financial institutions?
To enable transactions that require tokenization – as with Apple Pay – financial institutions must tokenize their existing bank identification numbers (BINs). Once onboarding is complete, there will be very little impact in terms of transaction processing. Fiserv will process transactions whether a token or PAN is presented at the point of purchase. As tokenization is a relatively new concept, financial institutions should focus on internal education and training to help front-line staff support cardholders. There will be some process and customer support changes for financial institutions to consider, including how to best provide assistance when a smartphone is lost. Fiserv can help financial institutions anticipate many of these questions, and will assist our tokenization clients with onboarding and best practices.
Considering the strength of Apple's brand and market reach, Apple Pay is likely to boost the number of transactions from mobile devices. Banks and credit unions should be working now to make it easier and worthwhile for consumers to add their cards into any mobile payment app or service. Marketing, consumer education, loyalty programs and promotion of other payment-related functionality will not only encourage mobile payments at the point of sale, but also help ensure a financial institution-branded card is at the top of the mobile wallet.
What about EMVTM?
Tokenization and EMV are distinct but complementary capabilities. EMV has proven to be successful at reducing fraud at the point of sale, while tokenization addresses the potential for fraud in the card-not-present environment of online and mobile channels. EMV originally required a physical card to be inserted into a card reader at the point of sale, but recent developments allow for contactless payments using devices like a smartphone or smartwatch. Tokenization allows for a more secure and simple implementation of EMV using mobile devices, and EMV enables the secure use of token-carrying devices.
What role does tokenization play in an overall mobile payment strategy?
Look for consumer adoption of mobile payments to accelerate as they become easier and more convenient, whether through Apple Pay or other mobile payment services. To remain an active part of the payments eco-system, financial institutions must meet consumer demand for mobile payments, whether they are paying a bill, paying another person or making a purchase. Tokenization is one element in a comprehensive mobile payment security strategy.
For more information on mobile payment strategies, read "Don't Let Apple Pay Disrupt Your Mobile Payment Strategy" on The Point.
Allison Edwards is the director of product delivery and support for Card Services at Fiserv. She can be reached at firstname.lastname@example.org..