Building a bright new Tokenized payment security future for MFS
Users of mobile financial services are getting more and more sophisticated, resulting in a growing demand for a seamless and connected omni-channel shopping experience. They also want to be sure that their digital payment experience is secure and not vulnerable to hacks. With cyberattacks becoming more and more sophisticated and prevalent, tokenization has become key in payment data security. To protect consumers’ accounts from fraud, tokenization has become the latest weapon to secure card free and frictionless payments in online and mobile commerce environments.
Mobile wallets have become the epicenter of all connected devices. By utilizing tokenization technologies, sensitive data are replaced by non-sensitive data, since tokenization randomizes credit or debit card numbers during transactions. Since a random string of digits is sent to a retailer instead of actual account numbers, it is much more difficult for hackers to steal customers’ financial information. That is why tokenization provides optimal protection to issuers, merchants and cardholders alike.
Tokenization is aimed at keeping payment data safe by reducing the vulnerability of sensitive data stored on mobile devices or on merchant servers. When transmitted over networks during payment, it replaces static credentials such as the 16-digit PAN and expiration date on a plastic cards. This provides superior security.
Types of Tokenization for Mobile Payments
There are currently two types of tokenization that are important for MFS providers: payment tokenization and database tokenization.
Payment tokenization consists of tokens used by merchants or digital wallet operators that can be stored in EMV chip cards and NFC devices in order to protect payment transactions. It is based on the Payment Tokenization Technical Framework issued by EMVCo and is referred to as protecting payment details “in transit” since they are being routed between platforms and agencies. With payment tokenization, MFS providers can better protect payment information, since a token only applies to a pre-defined domain, a specific device, a specific merchant and for specific goods or services, which makes it uninteresting for cybercriminals. Implementing payment tokenization is seamless, since it does not impact the physical POS terminals. Furthermore, payment tokenization has made onboarding new customers for mobile financial services easy, since a customer can sign up and use mobile financial services within seconds which is significant drive for mobile payment adoption.
Database tokenization in aimed at protecting vast repositories of payment details that banks and retailers (online or brick-and-mortar) store when processing payments of repeat customers. It is aimed at protecting payment data “in rest”, where a payment record (card-on-file data) is being stored for later referral or processing.
TaaS – tokenization as a service – the new SaaS for payments
Tokenization-as-a-Service is the latest trend in MFS security. According to Gartner, regulatory compliance measures (e.g., related to the Payment Card Industry Data Security Standard) drive the interest in Tokenization-as-a-Service, since it avoids housing personally identifiable information (PII) or other confidential data.
Tokenization-as-a-Service is gaining ground, since it offers various advantages. First of all, it eliminates the up-front costs associated with implementing a tokenization solution such as software and hardware purchases. Secondly, it streamlines tokenization implementation as well as operational and monitoring functions. Thirdly, since TaaS operates between tokens and the payment data, it can also boost sales and marketing analysis, fraud analysis and other business functions.
2016 will be the year of TaaS for the larger payment networks as well with MasterCard launching its MasterCard Digital Enablement System. This Tokenization-as-a-Service is a MDES platform aimed at iPhone 6, iPhone 6 Plus and the Apple Watch. It will enable secure payments to take place for contactless and in-app payments. Using tokens will enable MasterCard to deliver a more secure and a better payment experience, since it will provide an extra layer of security by locking a token to a specific device or channel. Once a token is compromised or a cybercrook tries to use that token, the MDES will block that specific transaction.
Mission-critical tokenization is a must have for MFS providers and their customers
Tokenization is one of the best ways to protect mobile payment information, and is a critical element for mobile payments to reach its full potential. Thanks to payment tokenization, banks and MFS providers are combining payment tokenization with additional security measures and risk mitigation techniques (e.g., dynamic keys and strong cryptography) to mobile payments. Tokenization is a valuable part of MFS since it offers protection by making mobile payments safer and more convenient.
Although there are several players jumping on the TaaS bandwagon, ranging from Fintech startups to larger technology providers who want to penetrate the TaaS market, it is essential for MFS providers to thoroughly vet their (potential) TaaS provider. When assessing a TaaS candidate, there are a few elements to take into account. The Tokenization-as-a-Service must use proprietary secure algorithms, needs to generate cost savings, must enable faster onboarding of and greater adoption by new and existing customers, and provide risk mitigation.
To learn how Amdocs provides TaaS to MFS providers, click here.