Understanding Payment Tokenization

September 16, 2015

what-is-tokenization

Having already dispelled confusion around several topics including the basics of payment processing and EMV (an abbreviation for Europay, Mastercard and Visa) technology, we’re here again to clear the misconceptions around another emerging payment processing topic – Tokenization.  Payment tokenization is actually a straightforward concept that aims not to confuse, but further protect both customers and merchants alike without making any additional demands on either party.

Picture yourself purchasing tickets for a theater performance with your new Apple Watch.  While making the purchase, your Primary Account Number (PAN) or banking information is not used to initiate the transaction. Even the Apple Watch itself doesn’t store these details.  This heightened level of security is made possible by payment tokenization. 

Let’s take a deeper look.

 

EMV (Chip) Technology

Using an embedded microchip instead of a magnetic stripe on a credit card is considered more secure against cloning credit cards for counterfeit use. EMV accomplishes this using advanced cryptography and cardholder verification methods.

If a traditional magnetic stripe card is swiped at a magnetic stripe terminal, and the purchase is a counterfeit transaction, the merchant is generally not liable. However, if a chip card is used at a magnetic stripe terminal, and the purchase is a counterfeit transaction, the merchant is liable. This is because the issuing bank has made the investment in the chip technology to make the transaction more secure while the merchant did not invest in upgrading to handle chip card transaction. 

And while merchants upgrade their payment terminals to accept chip card transactions, merchants should ensure they are also capable of handling contactless transactions.

If a customer wants to use their Apple Watch or iPhone to pay for their purchase, they are in fact using EMV contactless as a payment method. Apple Pay increases the security of EMV contactless by using payment tokens.  When Apple Pay is used as a payment method, merchants are not held liable if there is a counterfeit transaction as cardholders are verified using the Touch ID (scanning of the fingerprint) or  entering their passcode.

apple-pay-tokenization

EMVCo, an entity represented by several of the major credit card brands, developed the EMV Payment Tokenization standard for securing credit and debit card payments made via mobile handsets, tablet computers and online channels.  Apple Pay is one instance which leverages this standard. Android Pay will also leverage the same standard.

 

What Is a Token?

To many people, tokens are a type of coin used to play games at an arcade, or operate washers and dryers at the Laundromat.  In these examples, a token is used instead of the bank issued coin.

A similar concept is used by payment tokenization, except the tokens here are virtual. Payment tokens are generated by the Token Service and is used for payment processing. The primary objective of token is to protect the cardholder PAN (or credit card number), by replacing it with a randomly generated number which looks like a PAN. Reverse engineering the actual PAN from the token is impossible as the tokens are not generated mathematically. Tokens are issued to the customer device through the Token Issuance process. This process will tokenize the actual PAN into a token and will store it in the device for future transactions.

Apple-pay-tokenization

Tokens can be seen in the context of three different types of payments: tap & go payments, purchases of physical goods within the apps, and in-app purchases of virtual services.

  • Tap & go payments involve using a traditional payment terminal via a contactless reader, otherwise known as near field communications (NFC).  The tap & go payment terminal leverages payment tokenization to confirm the sale, without transmitting any of the buyer’s actual card or account information. 
  • Purchases of goods within apps occur when a buyer leverages a shopping app to purchase something tangible.  Many retailers offer downloadable apps as a more streamlined means for making purchases without needing a browser. Payment data can be transmitted without the buyer entering account numbers and are verified by the user confirming identity via the mobile device.
  • In-app purchases of virtual services typically let you make in-app purchases to buy extra content (like bonus game levels or map experience points) and subscriptions. These also benefit from the protection of payment tokenization. 

In all of these examples, payment tokenization is used in lieu of the buyer actually using the credit card numbers. 

 

Merchant Requirements

For merchants with physical stores, the tap & go payment method will be the most relevant application of payment tokenization. As long as these merchants are equipped with an EMV Contactless reader and activated to process EMV transactions, they are ready to process transactions from contactless cards and select Apple devices (currently iPhone 6, iPad Air 2, iPad Mini, Apple Watch) . Tokenization does not require merchants to make major changes to their current payment acceptance systems. All the work is done behind the scenes without demand on the cardholder or merchant.

 

Tokenization - What's Next?

So why should we care about payment tokenization with all the other options and security means already in existence?

The biggest benefit to all involved is that payment card numbers are no longer used or saved where unauthorized access can occur. For customers this means added security and convenience. For merchants this means being able to accept new payment methods the way their customers want. And with the shift of financial responsibility, U.S. merchants need to be poised to protect both customers and themselves. Requiring hardware updates to support EMV payments, merchants should strongly consider also adopting EMV capable contactless terminals to take advantage of the additional, modern payment protection of tokenization.

 

Payment processing providers like Moneris are supporting merchants with this adoption by offering seamless addition of the protective tools and technologies necessary for enabling payment tokenization.  Click here to have a sales consultant contact you to discuss our payment solutions with you. Or call us directly at 1-888-321-9124.

 

Image credit 1 Image credit 2 Image credit 3
This article is for informational purposes only and it is not intended to provide you with any personalized financial, marketing, accounting or tax advice. Neither Moneris Solutions Corporation (Moneris) nor any of its affiliates shall be liable for any direct, indirect, incidental, consequential or punitive damages arising out of use of any of the information contained in this article. Neither Moneris nor any of its affiliates warrant or make any representation regarding the use or the results of the use of the information, content and materials contained in this article in terms of their correctness, accuracy, reliability or otherwise.

Previous Article
Credit Card Processing – Behind the Scenes
Credit Card Processing – Behind the Scenes

Explore the history of credit card processing, the players that are involved in the industry, and how a tra...

Next Article
Smartphone Dependence, Mobile Payments and Apple Pay
Smartphone Dependence, Mobile Payments and Apple Pay

What does the increase in smartphone use mean for merchants? It means customers want to pay their way. See ...

×

Subscribe to our Insights Blog.

First Name
!
Thank you!
Error - something went wrong!