Tokenization the next wave of Payments Security

Last week, Apple showcased the new payment service “Apple Pay” that has created lot of buzz in the Internet, offline discussions and across various Forums.

What is so remarkable and revolutionary about Apple Pay?

1. Simplified Payments

Apple has taken the NFC payments to the next level.

Apple has simplified the process of ‘enrolment’ of the Card and associating it with Apple ID. On successful registration of the card Apple Pay assigns a Device Account Number and stores it in the Secure Element of the Device. No card data gets stored in the Apple Pay Server.

The customer pays the transaction by waving their device and authenticating it with their Touch ID (finger print) of their Device. The payment is processed by Apple Pay, using the Device Account Number and a transaction-specific dynamic security code, as a Card Present (CP) transaction.

Apple Pay does not transmit or reveal the credit or debit card, name of the customer on the card etc anywhere in the payment chain.

Apple Pay uses the Tokenization technology at the core of the Payments processing.

What is tokenization?

Payment tokenization is the process of replacing the traditional payment card account number with a unique digital token or digital account number in online and mobile transactions.1

Benefits of tokenization:

Security:
Throughout the payment processing chain, only the token travels from one payment processing entity to the other. So any attempt, to interfere/intercept the data will reveal only the token number.

The tokens also have the encryption keys that ‘lock’ the transactions with a specific mobile device, merchant, or transaction type. Any one trying to intercept the token and misuse it will automatically render the token as useless.

Reduced risk on the processors/merchants:
The merchants and digital payment providers can store payment tokens in place of payment account numbers, this further enhances payment security. 2

Any attempt to breach the databases of the merchant/processor will reveal only the tokens that were used for transaction and no loss of card numbers.

This means, lesser risk to the merchants and processors.

More device options for payments

In the US, Mobile commerce last year grew 56 percent compared to 9 percent for traditional desktop ecommerce3.

The booming mobile based payments bring up the need to have better protection of customer card data and the privacy of the transaction.

During March 2014, EMVCo has published its new standards in Tokenization targeting mobile based digital payments.** The new standards take into account new innovations like Internet Of Things, Wearable devices like Apple Watch that shall be entering the payment domain soon.

The Wearable, Internet of Things devices need to communicate with each other and over Internet without exposing the personally identifiable information of the owner. Tokens are expected to be widely used to send/receive information securely between devices, over public Internet.

Back to Apple Pay, one more remarkable and path breaking aspect of Apple Pay is the sheer size of the payment ecosystem

Apple Pay – the game of numbers

Apple has brought together the key components of the payment ecosystem as partners, during the launch of the service.

Apple Pay was partnering with EMVCo. For the compliance with the technology standards for NFC specifications. Even on the launch day, Apple Pay had ready support from 220,000 merchants, 3 major card schemes (Visa, MasterCard and Amex) and 5 major Banks.

With a strong market leadership position of 41.6% of the smart phone market in US (Jan-14 comscore data) and a registered customer base of over 1 billion customers for its iTunes application, Apple has the necessary critical mass and the brand presence to create its own payment system.

Apple will use Apple Pay to bind the customers closer to Apple.

After all, a great brand is the one that always has one more reason for the customer to buy.

Data Source:
1,2 http://usa.visa.com/clients-partners/technology-and-innovation/visa-token-service/faqs.jsp
3 – http://visatechmatters.tumblr.com/post/97594300710/a-new-era-for-payments-the-secret-sauce-in-apple
** http://www.emvco.com/specifications.aspx?id=263