The Container Factor

December 29, 2015
/   Voices

New technology to ease application shipment could make a big difference for many financial service institutions

Foolhardy Predictions for 2016

December 28, 2015

If history is any guide, it’s foolish to make predictions about the banking industry. There are too many external...

Banking with Non-Banks

December 18, 2015
/   Voices

Walmart Pay could be another step in companies outside financial services getting in on the action

Fast Facts: Student Loans

January 22, 2013
/   Insights

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services...

What We’re Reading

May 5, 2011
/   Spotlight

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let...

Google and Samsung are two of the big name mobile wallet providers to join MasterCard’s new programme designed to speed up tokenization. The Digital Enablement Express scheme was launched in early September, with Capital One, Fifth Third Bank and KeyBank among the first issuers on board. It makes it easier for wallets like Android Pay or Samsung Pay to request payment tokens via the MasterCard Digital Enablement Service.

According to MasterCard, the service lets financial institutions access new digital payments services, while partners like Google or Samsung benefit from a simple onboarding process with participating banks.

“Working with MasterCard’s Express platform will give us a highly scalable way to enable issuing banks to participate in Android Pay, while at the same time, launch a service that has broad consumer access,” said Ariel Bardin, Google’s vice president of payments.

What is tokenization?

Tokenization is an important step for securing payments, particularly for contactless transactions. In tokenization, the card’s primary account number (PAN) is replaced with an alternate card number called a token. These tokens can be single- or multi-use; and they may be stored and managed in the cloud, in a token vault, or at a merchant location. Replacing the PAN with a token reduces losses from any merchant data breach, such as those suffered in the US last year. While no system is ever going to be 100 per cent secure, tokenization makes the compromised data less valuable to the fraudster.

Tim Sloane, vice president at Mercator Advisory Group for Payments Innovation, believes tokens will transform payments.

“Tokenization will change the payments industry in interesting ways,” he says. “The networks have clearly carved out a new business model for themselves, and the implementation of tokens will enable payment providers to enter adjacent markets, such as identity management and loyalty management, if they wish.”

Tokenization confusion

MasterCard says the scale and reach of its Express scheme will prove important. By having one set of standards, the tokenization process becomes far quicker and easier. We’ve seen before in payments that when a single standard is followed, rather than multiple, competing versions, it speeds up adoption and creates savings. Tokenisation is a case in point. EMVCo, PCI SSC and The Clearing House are all investigating its potential and working on standards.

And because of different approaches, there is scope for confusion.

Avivah Litan, the Gartner analyst, points out that “EMV tokens, as first implemented by Apple Pay and the payment card networks, are based on different protocols than the tokenization systems merchants use to limit the scope of PCI audits, leading to potentially conflicting token implementations”. Merchants can be left with two tokens for one card or, worse, no way to get back to the original card number for things like chargeback or disputes.

Dave Meadon, EMVCo executive committee chair, says: “It is vital that we have a consistent approach to identify and verify a payment token request, which is supported by industry-agreed channel controls to manage where and when the payment token can be used.”

“This level of consistency eliminates data vulnerabilities at key points in the transaction, which ultimately enhances security.”

Tokenization is proving a key part of improving payment security, but there are few issues to iron out first.


Insights’s perspective on industry news and trends



Must-read news and insights from financial industry leaders



Compelling voices and contributed content from around the web

James W. Gabberty

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Marisa Mann

Marisa Mann brings over 15 years of experience in consulting and financial services industries to the Solstice team, working on large scale enterprise initiatives across many technologies, including specializing in the digital space – Internet and mobile. Mann is passionate about mobile and the endless possibilities for the enterprise, delivering business value through strong brand recognition and driving to excellence in the consumer experience. Prior to Solstice, Mann worked at JP Morgan Chase, Diamond Management and Technology Consultants, Washington Mutual, Inc, and Accenture.

Brad Strothkamp

Zachary Ehrlich

25-year-old writer, and as a native San Franciscan, I am unreasonably loyal to Bank of America, if only for their superhero-like origin story, involving the 1906 earthquake and Italian fruit vendors.