Page 28 - GS250501
P. 28

Insights and Expertise




        The ERA of tokenization                                  Defining tokenization


        is now                                                  Tokenization first appeared on the scene in 2013 as a
                                                                security standard. However, it quickly grew in popularity,
                                                                and by 2014, Mastercard had launched its Digital
                                                                Enablement Service with tokenization, securing billions
                                                                of transactions that year.

                                                                The process of tokenization creates a "token," which is a
                                                                randomly generated sequence replacing your 16-digit card
                                                                primary account number (PAN). These tokens can't be
                                                                decrypted without the payment network that issued them;
                                                                hence, even if hackers were to access the token database,
                                                                they'd be unable to use them, saving billions of dollars in
                                                                the long run.
                                                                How tokenization works
        By Anne Willem de Vries
        Silverflow                                              When you input your card details into a digital wallet or
                                                                an online merchant's site, the payment system requests a
                 ayment transactions  should not be overly      token from the payment network. This token is stored in
                 complicated; only a little (albeit, specific) infor-  place of your actual card number.
                 mation is needed to process them. Today, the
        P required simplicity of online shopping has            For example, if you save your card details with an
        changed this significantly, but behind the scenes, complex   ecommerce site, the site stores the token rather than your
        security systems are working hard to keep your payments   real card data. During a transaction, the token is combined
        safe.                                                   with a one-time cryptogram generated by your device or
                                                                merchant account to authenticate the payment securely.
        Gone are the days when merely entering a card number     Why tokenize?
        and expiration date sufficed to complete a transaction.
        As cyber threats have grown more sophisticated, so have   Tokenization provides multiple advantages for all payment
        the layers of security and information required to make   stakeholders:
        payments.
                                                                   1. Minimized data usage: Aligning with the require-
        Whether it's the addition of CVVs or the potential sharing   ments of the General Data Protection Regulation
        of data such as your IP address and social media activity,   (GDPR), the process of tokenization helps merchants
        consumers must be more vigilant than ever about the        reduce the volume of detectable information from cus-
        information they provide.                                  tomers.

        Hackers can access stolen payment details on the dark web   2. Simplified compliance: Merchants using tokeniza-
        for just $10 without breaking into the database. NordVPN   tion reduce their burden of complying with the Pay-
        researchers discovered that 1.6 million card details       ment Card Industry (PCI) Data Security Standard
        are illegally available for anyone to use (see  http://bit.  (DSS) and related security standards, saving time and
        ly/3GYw716). Ensuring security should be at the forefront   resources.
        of the process for all payment stakeholders. Merchants
        continue to demand information to develop alternative      3. Enhanced security:  Tokens eliminate the need for
        means to protect cardholders.                              merchants to store sensitive card details, reducing the
                                                                   risk of data breaches. Even if a hacker gains access to
        Payment processors know fraudsters are unlikely to have    stored tokens, they're useless without the correspond-
        access to all the data required to impersonate a genuine   ing payment network.
        customer. Consequently, the more data, the better the
        fraud prevention. However, this approach also introduces   4. Increased fraud prevention: Transactions using to-
        significant risks. With 40 billion records exposed in 2021,   kens are less likely to be fraudulent.  Fewer false de-
        sharing vast amounts of personal data digitally creates    clines mean a smoother checkout experience for cus-
        opportunities for bad actors to intercept and misuse       tomers.
        sensitive information (see https://bit.ly/42Nt70b).        5. Seamless automation: If your physical card is lost or
        What if there were a way to secure your card information   expires, tokenized transactions can continue uninter-
        so that even if it were stolen, it would be useless? Enter   rupted. The payment network updates the token auto-
        tokenization: a technology transforming how we think       matically when your card details change.
        about payment security.
        28
   23   24   25   26   27   28   29   30   31   32   33