Published by Duane King. Modified over 5 years ago.
1
Tokenization
Roman Cinkais
DieboldNixdorf.com
2
Tokenization in different contexts
Pseudonymization of data
Initial Public Coin Offering
Identification of sensitive data
Cryptography Key Management
Data Security
Mobile Payments
3
Tokenization in payments
The process of replacing the card number (PAN) with a token
The original card number is under the control of the issuer, and external systems cannot access it
Tokens are random, and it is not possible to deduce the original card number from the token
Reduces the risk associated with payment fraud: the original card number does not appear on the payment network
It is one of the techniques for reducing the scope of the cardholder data environment (CDE, PCI DSS)
…enables entities to offer more secure and more tailor-made payment services…
4
Support of token categories
Token categorization
Irreversible (Card identification): It is not possible to get the original card number from the token
Reversible (Payment tokens): There is a reverse process called de-tokenization, which we can use to get back the original card number
5
Standards – payment tokenization
PCI TSP Security Requirements: Additional Security Requirements and Assessment Procedures for Token Service Providers (EMV Payment Tokens)
EMV® Payment Tokenisation Specification: Technical Framework
UX, Security and functional requirements of card associations
6
Alternative payment channels
Payment tokenization
Payment tokens can be used to create a payment transaction at payment terminals or on a website
Often referred to as DPAN (Digitized PAN)
Reduces the risk of compromising your actual card (payment token compromise != card compromise)
Diagram labels: Payment token; Mobile/Smart Device; E-Shops (e-commerce); Alternative payment channels; Payment options
7
Payments
Online: Tokenization provides innovative and secure payment methods for online merchants
In-App: Tokenization mediates payment directly in the application in a secure way; payment is made at the time of authorization
In-Store: Tokenization creates the ability to pay using smartphones and wearables through NFC technology or QR codes
8
Risk Management – EMV Framework
Token Domain Restriction Controls: information related to payment token data to ensure that payments are made within a defined channel, authorized by the user/owner of the token
Examples: tokens only for e-commerce use, or valid only for one merchant, one-time token, ability to create QR payment or EFT payment, etc.
Token Assurance: The quantification of the risk associated with the environment where we request the creation of a payment token or payment, based on which a form of user verification is required
Examples: storage of token information inside SE/TEE, or in a software-based secure envelope, security policy
9
Token Service Provider Decomposed
Diagram labels: Tokenization; Registration & Onboarding; Identification & Verification; Life-cycle Management; De-tokenization; Token Requestor Management; Domain Restriction Controls; Eligibility Checking; Token Requestor; Token Vault; Authorization
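Added example (not part of the original slides or of any Diebold Nixdorf product): a toy token vault showing reversible payment tokens, de-tokenization, and the domain restriction controls named above (channel, merchant, one-time token). The class and field names are hypothetical, and the token format (random digits of the PAN's length) is a simplifying assumption.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenRecord:
    pan: str                 # original card number, held only in the vault
    channel: str             # domain restriction: e.g. "ecommerce", "in-store"
    merchant: Optional[str]  # domain restriction: None means any merchant
    single_use: bool         # domain restriction: one-time token
    used: bool = False


class TokenVault:
    """Toy token vault (hypothetical names; not an EMV-conformant TSP)."""

    def __init__(self):
        self._records = {}

    def tokenize(self, pan, channel, merchant=None, single_use=False):
        # The token is random digits, so it carries no information about the PAN.
        # Assumption: the token has the same length as the PAN.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if token != pan and token not in self._records:
                break
        self._records[token] = TokenRecord(pan, channel, merchant, single_use)
        return token

    def detokenize(self, token, channel, merchant):
        """Return the PAN only when every domain restriction control passes."""
        rec = self._records.get(token)
        if rec is None:
            raise KeyError("unknown token")
        if rec.channel != channel:
            raise PermissionError("token not valid for this channel")
        if rec.merchant is not None and rec.merchant != merchant:
            raise PermissionError("token not valid for this merchant")
        if rec.single_use and rec.used:
            raise PermissionError("one-time token already used")
        rec.used = True
        return rec.pan
```

A token captured in one channel or at one merchant cannot be de-tokenized elsewhere, which is why a payment token compromise is not a card compromise.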
10
In-store payment
11
E-commerce (online) payment
12
Diebold Nixdorf tokenization solution
What is tokenization?
What is its purpose?
What can the new payment channels and options be?
Impact on user experience?
How to deploy tokenization?
Security of tokenization data and environment?
Compliance with Payment Card Industry?
13
Thank You for listening to today’s presentation.
Roman Cinkais