Why Tokenization Will Play Growing Importance in Fraud Prevention

Share Button

TokenizationPayment security standards like Europay, MasterCard and Visa (EMV), Host Card Emulation (HCE), and Point-to-Point Encryption (P2PE) have been given much attention and discussion this year. With Apple Pay, we now have a new hype payment security solution called Tokenization.

Tokenization replaces the payment account number (PAN) and expiration date with numeric codes of same length, called tokens.  Tokenization, in my eyes, solves some of the security problems of the back-end process.  It's solving the problem of exchanging information from phone to point of sale terminal (POS), and information processed and sent by the POS to the card processing systems. The timing for Apple to deploy this technology is perfect with stories of card breaches from hacked POS system.

Apple’s recent announcement is also coming out right at the time when EMV is starting to roll out, triggering a major shift in breach liability for 2015. We saw some headlines where tokenization was seen as an alternative to EMV. Tokenization and EMV are different but have complementary capabilities. Tokenization addresses the potential for fraud in the card-not-present scenario within the online/mobile payment channel, but it does not address the physical card risks at the POS terminal. EMV originally required the card to be used at the point of sale. In summary, tokenization allows a simpler and secure way to EMV using mobile devices, and EMV enables the secure use of token-carrying devices.

There is no single solution that is a magic bullet in the fight against cybercrime. Solutions like EMV, tokenization, and P2PE need work together to fully protect a merchant for the payment. Tokenization addresses the storage of card data, EMV addresses the authentication of the card using a chip, and P2PE addresses the transmission of card data.

While each of these solutions effectively address the payment ecosystem, we have yet to see the emergence of new solutions that address the credit card registration process. The process of validating cards remains the same as before which still has a lot of issues. For example, Apple didn’t disclose how they read card pictures to add the card account number. Also, the PAN is still transmitted from the phone to the payment network to get the tokenized PAN. Time will tell if this becomes a new fraud landscape however, as an industry, we are making progress in creating an ecosystem that better addresses the opportunity for fraud.

Related Posts

How to Adopt DMARC in 6 Steps Though you may never have heard of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and email-authentication protocols, the people making sure the emails you receive are safe are quite familiar with them. 
Forbes Features Fraud Prevention: Act Before It’s Too Late   Easy Solutions’ CEO Ricardo Villadiego was recently invited to join the Forbes Technology Council, a select group of technology executives chosen to serve as thought leaders for the Forbes community.

Leave a Reply

Your email address will not be published. Required fields are marked *