Community
The changes in the e-commerce and digital transactions sphere have been evident for quite some time now, as we dwell in a period with such developments occurring at an accelerating pace. Given this context, the need for safeguarding critical financial data has never been greater. With more and more individuals trusting their financial information to online platforms, there is a significant increase in the risk of data breaches. This rise has brought attention to high-profile cases like the recent American Express credit card data leak that occurred due to a third-party security incident. These changes have pushed the finance sector to search for solutions that can address risks unique to electronic transactions.
Here comes the advent of payment tokenization – an innovative methodology that was born in the early 2010s to counteract the growing menace of data breaches and privacy violations. Tokenization is a technique where sensitive payment information such as a 16-digit credit card number or cardholder name is replaced with another set of symbols, known as “tokens,” that have no meaning outside the system. These tokens serve a value only within certain defined conditions, similar to casino chips which are valid only within casino premises, offering control over cash transactions.
The parallelism of tokenization revealed by this metaphor signifies that both safety and ease can be met through it. As this technology has progressed to a maturity level in terms of its use, adoption has increased substantially: it is demonstrated by a major milestone where tokens issued by Visa, in the last two years, surpassed physical card circulation. This significant feat shows not only the increasing reliance on digital means of payment but also underscores the role played by tokenization in shaping a secure yet efficient and customer-centric financial transaction system.
In this investigation, we will be exploring the fundamentals, operational methods, and impacts of tokenization. I strive to give a holistic perspective on how this technology has formed a bedrock of today's financial strategies and provided safeguarding information in a new manner, and also how it has changed our approach to digital transactions.
Understanding Tokenization
Though tokenization is indeed a major contribution to digital payments ensuring high levels of security and being user-friendly, one must first understand the key participants in the ecosystem and how tokenization introduces new dynamics to this environment.
The Traditional Four-Party Model
The basis of card transactions resides within the long-established four-party system, where the main actors are the Merchant, Issuer, Acquirer, and Cardholder. These components define the framework of a payment system with each entity fulfilling an essential function:
Merchants refer to individuals or organizations that are engaged in selling goods and services.
Issuers stand for financial institutions from which consumers receive credit or debit cards.
Acquirers are banks or other financial institutions that facilitate merchant acceptance and processing of credit or debit card payments.
Cardholders are individuals who utilize bank-issued credit or debit cards for making purchases.
The model can be better referred to as the “payments layer cake,” which implies the layered and interconnected system of transaction processing. More information can be found in this article. Meanwhile, we will explore further.
Introduction of Token Service Providers and Token Requestors
As tokenization evolved, two more distinct groups have been added into the fold, which are Token Service Providers (TSPs) and Token Requestors. TSPs are entities that possess a certain regulatory oversight, are often certified by EMVCo, and are responsible for creating tokens. They play an essential role in ensuring that the tokens generated adhere to the high-security standards required for financial transactions. Token Requestors refer to those entities that approach TSPs to create tokens for them. These can include major tech giants such as Apple, Google, or Samsung that have entered the digital wallet market sphere.
The Mechanism of Tokenization
Within the scope of the ordinary tokenization process, the authentic card details designated as Primary Account Numbers (PANs) are substituted by tokens. For example, device account numbers (DANs) are used for wallets based on devices such as Apple Pay and Google Pay. This significantly reduces the chances that sensitive financial information may be intercepted or seen by an unauthorized person since the issued tokens are only random alphanumeric characters without any context.
Apple Pay example as shown in How Apple Pay works under the hood? | by Prashant Ram | codeburst
Our discussion up to this point has focused on just one type of tokenization, which is device-based; but today, 4-5 different payment tokenization methods are widely known and used by organizations. Now, let us study them individually in the next part.
Types of Tokenization
Credits: The Token Layer Cake - by Simon Taylor
PSP or Processor Tokens:
In the market, there are solutions such as Adyen, Stripe, and Worldpay that can provide tokens to simplify the process of PCI DSS compliance for merchants and also allow them to connect different value-added services like fraud protection. This type of approach is used by companies that are looking for complete payment solutions.
Device Tokens:
Among digital wallets (Apple Pay, Google Wallet, and Samsung Pay), device tokens have been given more attention since the number of digital wallet transactions is supposed to soar to USD 25 trillion by 2027, as reported by Worldpay Global Payments Report 2024. They serve as a critical security layer for mobile transactions.
Network Tokens:
Network tokens, which Visa and Mastercard also create for merchants as they operate on a variety of payment service systems, are believed to help make a transaction not only more efficient but also more flexible. These tokens are tailored to streamline the payment process and provide security confidence to large retailers.
Miscellaneous Tokens:
A broad category that includes tokens for specific use cases and emerging markets, notably within web3 and cryptocurrencies. In the future, as technology continues to evolve and innovate, there will be many different types of tokens that will surely contribute towards the security and efficiency of payment systems.
Challenges and Regulatory Considerations
Using tokens has been a good initiative in ensuring safety, but at the same time, it adds a technical layer that can be tough on the merchants, especially when they are dealing with many token types all at once. This level of complexity is not only about operating various token systems but also about overcoming the difficulties posed by each token meeting the merchant's expectations. Such ambition may lead to fewer cases of interconnectivity between systems, thus frustrating trade facilitation for merchants and risking possible interference in a customer journey that should be less abrasive.
On the other hand, it would be an injustice to undermine the importance of card networks in the field of tokenization. These networks often leverage their substantial power to establish rules that favor their particular tokenization techniques. Visa is a well-known advocate for the adoption of its tokens in merchant-initiated transactions, a policy that aligns with other large networks prioritizing their proprietary token solutions. These strategic moves highlight the inherent conflict between striving for more secure systems and the commercial rivalries among various token issuers.
The regulatory environment is fluid regarding tokenization, as rules and directives are in the process of being established to cover these kinds of issues. Nevertheless, the equation of safety gains, technological details, and influential business actors’ particular interests make a spectrum that ought to be treaded lightly by all parties concerned.
Concluding Thoughts
The significance of tokenization in the payment services industry can be understood in the way it has moved beyond mere security and emerged as a battleground for payment providers fighting for merchant share of wallet. The use cases for this technology are also anticipated to go far beyond those that are conventionally focused on ensuring the security of payments, such as digital identities and the tokenization of physical assets. By expanding its focus, this paradigm shift marks a future in which tokenization will not only guarantee payment protection but will also alter the landscape of transactional markets and wealth storage industries, thereby impacting how we relate to the digital domain.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Prakash Pattni MD, Financial Services Digital Transformation at IBM Cloud
11 November
Mouloukou Sanoh CEO and Co-Founder at MANSA
Brian Mahlangu VP Product: Digital Platforms Mobile at Absa Bank, CIB.
Roman Eloshvili Founder and CEO at XData Group
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.