Presentation is loading. Please wait.

Presentation is loading. Please wait.

Decrypting Tokenization What is it and why is it important?

Published byEleanore Chandler Modified over 6 years ago

Similar presentations

Presentation on theme: "Decrypting Tokenization What is it and why is it important?"— Presentation transcript:

1 Decrypting Tokenization What is it and why is it important?
Anne Fields, Crutchfield, Director Financial Compliance Nate Morgan, CyberSource, Product Manager Ian Poole, CardinalCommerce, Technical Product Manager

2 Tokenization What is it & Types of Tokens Merchant Perspective
Merchant Considerations Q & A

3 Payment Tokenization: What is it?
Customer Data Other Data Card Data Replaces sensitive data (card numbers, PII data) with a different, unrelated value called a token Cannot be reversed, meaningless to hackers in the event of a breach Mostly follow the PAN (primary account number) format, compatible with existing payment flows, financial systems T

4 Evolution of Merchant Tokenization
Secures stored card and customer data Reduces PCI scope Enables card-on-file Drives omni-channel experiences Supports marketing efforts: analytics, loyalty programs

5 Merchant Payment Tokens
Seamless, friction-less payment experience Your customer data is better protected in the event of a breach Renders sensitive card (and other) data worthless Card data securely stored in your vault PCI scope is reduced; no payment data in your network when using a PSP Tokens, not card numbers used for payment activities Essential for bill payers / returning customers Enables new, “Uber-like” experiences Card updater service highly recommended

6 Comparing Merchant Tokenization Providers ?
Gateway Token Services Acquirer Token Services Proprietary technology, not standardized Designed to safeguards merchants from consequences of data breaches and reduce merchant PCI demands Designed to safeguards merchants from consequences of data breaches and simplify Merchant and Acquirer PCI Tokenization of Payment Data, PII data and other sensitive customer data Tokenization focused on Payment Data Works across all card brands, payment types supported across Acquirers (Acquirer agnostic) Works across all card brands and card issuers supported by Acquirer Tied to Gateway Tied to a Acquirer/Processor Protection of stored card data Reduced PCI scope Processor Agnostic Support for digital payment solutions like Apple Pay, Android Pay, etc. via network tokens Tokenization of PII data (some providers cater to healthcare industries) Proprietary, tied to the acquirer issuing the token- merchant cannot switch acquirers, integrate to/inter-operate with tokens from other acquirers Able to support POS and eCommerce transactions (omni functionality) Other features similar to PSP tokens Protection of stored payment data Reduced PCI scope

7 EMVCo standards; launch of VTS and MDES
Evolution of Issuer Tokenization VTS MDES EMVCo standards; launch of VTS and MDES Enables digital payments such as Apple Pay, Android Pay Powers connected commerce, IoT and other new payment experiences Future applications *EMVCo members include American Express, Discover, JCB, MasterCard, UnionPay and Visa Note: All brand names and logos are the property of their respective owners, are used for identification purposes only, and do not imply product endorsement or affiliation with Visa

8 Issuer-Side (Network) Payment Tokens
Card brands * collaborated as EMVCo, developed standards for worldwide interoperability & security Apple Pay was the first use case, now also Android Pay, Samsung Pay, etc. Visa, Mastercard, Amex built solutions using token standards in the EMVCo framework and are the “TSP” of digital payment tokens Issuers control activation, suspension, deactivation of tokens for cardholder Tokens are unique to device, channel, and stored for future payments May be single or multi-use, merchant specific or have time limitations

9 Comparing Tokenization Approaches?
Issuer (Network Tokenization) Processor (Merchant Tokenization) Based on industry standard Proprietary technology, not standardized Designed to safeguard the payment ecosystem from consequences of data breaches Designed to safeguards merchants from consequences of data breaches Likely requires issuer opt-in participation Likely requires merchant opt-in participation Currently works in limited use cases (mainly the digital payments) Works across all card brands and card issuers Independent of processors and gateways but tied to individual card network Tied to a processor / gateway Processor tokenization may also be referred to as Acquirer tokenization

10 Tokenization & Connected Commerce
Allows commerce to be embedded in everything Device manufacturers, large businesses are becoming token requestors Gearing to enable secure, device-driven on-demand transactions on a massive scale eComm wallet, IoT wallet, Issuer wallet, Wearable wallets, POS – tap and pay

11 Merchant Perspective Why did we consider Tokenization?
How do we Tokenize? What did we want to accomplish with Tokenization?

12 Merchant Considerations
Interoperability considerations Ensure cross-channel compatibility Protect from fraud Recurring/Card on File billing Work with other protocols- 3DS 2.0 Other factor considerations New digital pay adoption Retain access and control of your customer data Consider multi-acquirer requirements Consider tokenization of non-card payment methods Risk Strategy considerations PCI Compliance Cost/Complexity Breach risk / Brand Consequences Security considerations for 3rd Party Seek accredited PCI DSS Level 1 service provider Select a cloud-based solution to reduce PCI scope Augment with other technologies such as hosted payment acceptance, P2PE

13 Questions from the audience

14 Tokenization Panel Anne Fields, Crutchfield, Director Financial Compliance Nate Morgan, CyberSource, Product Manager Ian Poole, CardinalCommerce, Technical Product Manager If you have any questions about the presentation, go to our LinkedIn Group (the Payments Education Forum) and request an invitation (this is a closed group specifically for the payments industry).

Download ppt "Decrypting Tokenization What is it and why is it important?"

Similar presentations

National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Mobile Payment Security The Good, the Bad and the Ugly

Mobile Payment Security The Good, the Bad and the Ugly
PCI DSS for Retail Industry

PCI DSS for Retail Industry
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
The GSMA July 2014 Restricted - Confidential Information

The GSMA July 2014 Restricted - Confidential Information
ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.

ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.
CONFIDENTIAL AND PROPRIETARY ©2014 DISCOVER FINANCIAL SERVICES 2014 Discover ® Dealer Incentive Program & EMV Update.

CONFIDENTIAL AND PROPRIETARY ©2014 DISCOVER FINANCIAL SERVICES 2014 Discover ® Dealer Incentive Program & EMV Update.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management

Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
THE TRANSFORMATION OF PAYMENTS. NFC Hosted Payments EMV in the US End-to-End Encryption Mobile POS.

THE TRANSFORMATION OF PAYMENTS. NFC Hosted Payments EMV in the US End-to-End Encryption Mobile POS.
PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the PCI Security Standards Council to encourage and enhance cardholder.

PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the PCI Security Standards Council to encourage and enhance cardholder.
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
The influence of PCI upon retail payment design and architectures Ian White QSA Head of UK&I and ME PCI Team September 4, 2013 Weekend Conference 7 & 8.

The influence of PCI upon retail payment design and architectures Ian White QSA Head of UK&I and ME PCI Team September 4, 2013 Weekend Conference 7 & 8.
Our Portfolio Reflects Our Expanding Possibilities

Our Portfolio Reflects Our Expanding Possibilities
The Payment Card Industry (PCI) Data Security Standard: What it is and why you might find it useful Fred Hopper, CISSP TASK - 27 March 2007.

The Payment Card Industry (PCI) Data Security Standard: What it is and why you might find it useful Fred Hopper, CISSP TASK - 27 March 2007.
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.

Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.

Similar presentations

Ads by Google