What is Payment Tokenization

WHAT IS PAYMENT TOKENIZATION?

Tokenization enables banks,acquirers and merchants to offer more secure (mobile)

payment services.

It is the process of replacing card numbers with alternate values.

The original personal account number (PAN) is disconnected and replaced with a unique identifier called a payment token.

The ‘mapping’ between the real PAN and the payment tokens is safely stored in the token vault.

With tokenization the original PAN information is removed from environments where data can be vulnerable.

Why tokenization?

1. Tokenization heavily reduces the risk of payment fraud by removing confidential consumer credit card data from the payment network.

2. The original card numbers stay in control of the bank. External systems do not have accessto this information.

3. Tokens are random numbers and are not based on cryptography, hence they cannot be traced back to the original value.

How does tokenization work?

A token is generated from the PAN for one time use within a specific domain such as a merchant’s website or channel.

Step 1:

Tokens are sent to the token vault and stored in a PCI-compliant environment.

Tokens are loaded on the mobile device as part of the virtual card profile.

Step 2:

The NFC device makes a payment at a merchant’s contactless point-of-sale (POS) terminal using the token as the card number.

Step 3:

The POS teminal sends the token to the acquiring bank, which sends it to the issuing bank through the payment network.

Step 4:

The issuer de-tokenizes the token to the real PAN and, if matched, approves the payment.

Step 5:

Response from the card issuer is returned to the POS terminal using the token as the card reference.

Step 6:

Payment tokens act like the original PAN for returns, sales reports, marketing analysis and recurring payments.

How can I use tokens?

In order to use tokenization, a bank or merchant should become a token service provider (TSP).

A TSP manages the entire lifecycle of payment credentials including:

1. Tokenization:

Replaces the PAN with a payment token.

2. De-Tokenization:

Converts the token back to the PAN using the token vault.

3. Token vault:

Establishes and maintains the payment token to PAN mapping.

4. Domain management:

Improves protection by defining payment tokens for specific use.

5. Identification and verification:

Ensures the original PAN is legitimately used by the token requestor.

6. Clearing and settlement:

Ad-hoc de-tokenization during clearing and settlement process.

Thinking of issuing payment tokens to secure mobile payments or

secure your online sales channel?

Bell ID can help:www.bellid.cominfo@bellid.com

With over 20 years of expertise, Bell ID is considered the world’s leading provider of lifecycle management solutions for tokens (e.g. smart cards, mobile NFC phones) deployed in single and multi-application programmes.

www.bellid.com

Martin CoxGlobal Head of Salesm.cox@bellid.com