Chris Skinner's blog

Shaping the future of finance

The rise of tokenization to secure the Internet of Things

Chris Skinner Author Avatar
by

There are many interesting technologies out there and I haven’t blogged much about one of them: tokenization.  Why am I talking about tokenization today?  Because it was referred to many times by Visa, MasterCard and the card processing firms at Money2020 last week as the key to future transaction security.

So what is tokenization?  If I’m honest, it’s talked about a lot but there aren’t many easy to understand descriptions out there.  This discussion with Dave Fortney of the Clearing House, in an interview with Computerworld last year, provides a good perspective however:

While EMV is great for securing card transactions at point-of-sale terminals, it is less useful for online payments and other card-not-present transactions. That is one of the major reasons why payment card fraud has migrated from point-of-sale systems to online channels in Europe and other places that have already adopted EMV.  Payment card tokenization is one way to address this gap.

Tokenization is a method for protecting card data by substituting a card's Primary Account Number (PAN) with a unique, randomly generated sequence of numbers, alphanumeric characters, or a combination of a truncated PAN and a random alphanumeric sequence.

The token is usually the same length and format as the original PAN, so it appears no different than a standard payment card number to back-end transaction processing systems, applications and storage.

The random sequence, or "token," acts as a substitute value for the actual PAN while the data is at rest inside a retailer's systems. The token can be reversed to its true associated PAN value at any time with the right decryption keys. Tokens can be either single use tokens or multi-use tokens.

Tokenization eliminates the need for merchants, e-commerce sites and operators of mobile wallets to store sensitive payment card data on their networks.

With tokenization, credit and debit card data is encrypted at the point where it is captured and sent to the merchant's payment processor where the data is decrypted and the transaction is authorized. The processor then issues a token representing the entire transaction back to the retailer while the actual card number itself is securely stored in a virtual vault.

The retailer can use the token to keep track of the transaction and handle refunds, returns, exchanges and other transactions. The token itself would be of little value to data thieves because there would be no way to link the token back to the PAN without the decryption key.

Customers would do nothing different when paying for purchases using a credit or debit card. The card data is encrypted when the card is swiped through the payment terminal, sent to the processor where it is decrypted for transaction approval processes, and a token issued to the merchant all without the customer experiencing anything different.

Tokenization can also be implemented on-premise with the merchant itself hosting the server that does the decryption and token issuance.

Tokenization also offers a great way to secure emerging mobile payment applications. A mobile wallet operator like PayPal or Google could use the approach to store one-time use tokens in a consumer's virtual wallet rather than actual credit and debit card numbers. Consumers could use the tokens to make purchases like they would with an actual payment card while merchants would be able to complete a transaction without touching or storing actual PAN data.

One major advantage with tokenization is that it does not require merchants to make major changes to their current payment acceptance systems, like EMV does, Fortney said. Tokens are formatted in the same manner as card information so merchants have to make relatively minimal changes to their payment systems.

The real heavy lifting would happen at the banks, or other entities that store PAN data, generate tokens and keep track of them through the entire transaction chain.

That discussion pretty much summarises tokenization and tokens, but why is this so important?  Because Visa and MasterCard are doubling down their efforts to roll out tokenization around the world.  This was made clear during Money 20/20 with several key announcements, most notable of which was MasterCard’s tokenization to enable the internet of things.

So watch out for a token year you in the not too distant future.

UncategorizedCategories
Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

Intelligent Money: Our Future Is Where We Do Not Think About Money, As Our Money Thinks For Us

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Order now

Chris Skinner’s ‘Intelligent Money’ Book Launch Event

Top 50 Global Thought Leaders and Influencers on Finance 2024

Global Awards

Lifetime Achievement Award

Global 100 - 2024 Winner

Chris Skinner - Financial Markets Advisor of the Year - The Finanser - UK 2023

Best Financial Markets Advisor of the Year 2023

30 Best Regtech Blogs and Websites 2023

Kids creating the future bank | TEDxAthens

Captain Cake and the Candy Crew

Captain Cake Winner of a Golden Mom’s Choice Award

TWO-TIME WINNER OF A MOM’S CHOICE GOLD AWARD!

Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser