Today, the concept of tokenization has gained momentum inasmuch as its implementation represents the end of traditional payment methods and the beginning of a new digital ecosystem in which data security is paramount.
Payment methods before tokenization
Although the evolution of payment methods involves several different aspects over many years of history, there are very specific elements that illustrate the road traveled up to the present day.
During the early days of card payments, when payment terminals did not yet exist, transactions were made using a manual validator that allowed the image of the credit or debit card to be traced on a piece of paper, which left the sensitive information embossed and completely exposed. This transaction data was then used to fill out a form.
As time went by, magnetic card stripes and dataphones were introduced, and later on, chip technology was adopted. The use of the chip significantly increased security, making it less easy to steal a visible card number or to copy a magnetic stripe. As a result, we are now entering an era in which data is more secure, especially with the implementation of contactless technology. In the mid-2010s, when economy digitalization was becoming more popular, tokens began to work their way into the payment ecosystem.
The ABCs of Tokenization
Tokenization was born as a solution to digitize transactions while protecting sensitive data such as card numbers, expiration dates, and security codes (CVV).
A token is a value that replaces and becomes the digital representation of the sensitive data associated with a card. This value can be stored by merchants or in applications, with the guarantee that, if it were exposed, it could not be used for transactions; thus, providing the cardholder with higher security in card-not-present payment methods, such as e-commerce and recurring payments, as well as in payments made with mobile or wearable devices.
Multiple tokens for a single card. A different token is generated each time a card is registered at a merchant or on an application that can request tokens from the corresponding brand. In other words, if the user adds a card to a mobile wallet, it will generate a different token than the one generated for their transportation app, their streaming service, or the e-commerce site they use.
Automatic card data updates. When there are tokens associated with a card but the card numbers or expiration date change as a result of a replacement, this data is automatically updated and reflected in the existing tokens, without the cardholder having to go through an additional process.
Key players in tokenization
There are several key players involved in the tokenization ecosystem. Some are well known in the industry of payment methods, but have new roles, while others emerged along with tokenization. Let’s review the specific roles of each of these key players:
Token usage cases
- E-commerce and card-on-file tokens: if all issuer rules are met, these token requests are usually approved without needing cardholder authentication. This is known as the green flow.
- Wearable devices: this usage case refers to wearable devices that have digital wallets and allow token requests. Some well-known examples are the wallets used in Fitbit and Garmin devices, which store the token in a secure component of the device itself. These generally require user authentication for the request to proceed, which is known as the yellow flow.
- Industry wallets, such as Apple Pay, Google Pay, and Samsung Pay, are wallets that allow token requests for cards from multiple institutions worldwide. These wallets receive special usage cases from the brands due to their distinct characteristics.
- Issuer wallets are generally used in Android devices, which can be classified into two types: (a) a wallet issued by a financial institution only for its customers, or (b) a multi-issuer wallet where several issuers can incorporate their cards.
Tokenization facilitates the implementation of innovative payment methods through mobile or wearable devices, adding a security factor to the transaction, by using device authentication methods before a transaction and by protecting sensitive card data, thus minimizing the risk of fraud, improving approval rates, and, in turn, reducing the number of chargebacks.
When paying with devices, the user experience is simple and smooth, and in addition to offering a wider variety of payment method availability at any given time, it lessens the need to have multiple physical cards on hand. The cardholder authentication required when registering their card in a wallet ensures that the registered card is valid and belongs to the person registering it.
In addition, replacing the card with separate tokens for each token requestor or device minimizes the risk of sensitive data being used by third parties for fraudulent purposes.
The technology of possibility
When thinking about the future of tokenization, we can safely conclude that the future is here and now.
While the future of payment methods and their digital transformation process is bound by the technology implementation and payment regulations of each country or region, we cannot ignore the fact that transaction security, as well as quick and efficient payment methods, driven by the accelerated growth of e-commerce, are the answer to the many years of innovation and evolution of the financial ecosystem.
It is not a secret that new generations move at the speed of technology, which is why issuers must be able to implement solutions that allow them to move along the path of digital transformation at the same pace as their users, and with Evertec, that is possible.
With Evertec, issuers will be able to respond to provisioning requests from various token requestors, manage the life cycle of the token cards associated to the card statements in an automated manner, along with the capability to modify the token life cycle manually, in addition to having a certified host to process tokenized transactions.
Shifting towards 100% digital payment methods, where security and ease of use prevail, is now possible with Evertec and its value-added service: tokenization.
– By Vilma Rodríguez Morales
Issuer product manager at Evertec