TOKENIZATION: THE FUTURE OF ACCOUNT NUMBERS. Steve Ledford The Clearing House

Slide 1 (title): Tokenization: The Future of Account Numbers. Steve Ledford, The Clearing House

Slide 2: Problem statement: the proliferation of live account credentials creates huge risks

[Diagram: the bank issues a physical card, and the same live credential is then handed to every channel the customer pays through: plastic at the point of sale, e-commerce at checkout, mobile wallets, web bill payment, mobile apps, payment aggregators, and whatever comes next ("Future?").]

Slide 3: Tokenization is a tool to mitigate account credential risk

Tokenization substitutes a limited-use random number (a secure digital token) for the customer's account number so that the sensitive information remains safe. Even if compromised, the token is of limited or no use to cybercriminals.

Typical attributes of payment tokens:
- Format-preserving, for legacy compatibility
- Either dynamic or static; if static, may be combined with a cryptogram
- Restricted in scope / not general purpose
- Can be used live to authorize / clear transactions

Token vaults: bank (or multi-bank) vaults create tokens, perform customer authentication and provision tokens to digital wallets or directories.

Token components:
- Consists of digits + an expiration date
- Domain restrictions limit the use of the token
- A cryptogram that is unique to each transaction

Slide 4: Tokenization process flows

[Diagram: two flows.]
- Customer authentication (ID&V) and token provisioning: the consumer's mobile wallet or e-wallet is authenticated by the Token Service Provider (TSP), which creates a token in its token vault and provisions it to the wallet.
- Payment with a token: Consumer -> Merchant -> Acquirer -> Card networks -> Bank issuer. At the network, the TSP's token vault performs the token/account exchange, so the issuer sees the real account number while the merchant and acquirer only ever see the token.
- Merchant and acquirer have no access to customer bank account information; only the token vault, the network and the issuer have access to it.

Slide 5: Everyone benefits from tokenization

Today:
- Sensitive account information is static
- Customers provide live bank data to retailers, wallets, alternative payment providers, aggregators and others
- Fraud risk is increasing as cards upgrade to EMV and as e-commerce and mobile grow
- Confusing and complicated process to maintain and update consumer information across multiple providers when a card is lost, stolen or expired

With tokenization:
- Customer bank data is securely held behind bank firewalls
- Consumers don't need to provide sensitive information to multiple providers
- Lower fraud potential in the event of a data breach or a lost/stolen device
- Single contact point to update and maintain consumer information
- No change in consumer payment behavior

Slide 6: The use of DDA account numbers is also proliferating

[Diagram: the bank issues a DDA account (Jane Doe, First Bank, account 1234), and that same account number is then held by payroll, bill pay, P2P, e-commerce at checkout, mobile wallets, mobile apps, and future faster payments.]

Slide 7: Tokenization is critical for the continued safety and security of the ACH system

- The proliferation of bank account information for ACH use cases increases vulnerability. According to McKinsey, there are more than two billion instances where banking credentials are being held outside of a financial institution. Tokenizing these credentials is just as important as protecting a credit card account number.
- DDA account number replacement is both expensive (McKinsey estimated it at $200 per instance) and cumbersome. Adequate protection of the real DDA information can generate time and cost benefits for both account holders and financial institutions.
- EMV, coupled with tokenization, will bring much greater security for card transactions. Securing card transactions could have the unintended consequence of pushing fraud into ACH; in other geographies, the rollout of EMV led to increased fraud in other payment channels.
- Same-day ACH underscores the need for enhanced security measures. The faster clearing and settlement of same-day transactions will increase the attractiveness of the ACH network for fraud. Tokens provide a mitigating tool in the expedited processing.

Slide 8: DDA tokens have several key features

Token attributes (apply to all DDA tokens):
- Format preserving: DDA tokens keep the same 9-digit routing/transit number and up-to-17-digit account number structure as the underlying true accounts. The tokens work with existing systems without modification, including conforming to check digit routines.
- Components: a routing & transit number (either a standard ABA number or a dedicated token R/T) and an account number assigned by the TSP.
- Static token: the token itself is static (with a set expiration) and may be paired with dynamic components to create more robust security (see next slide).

Two options for token identification (9-digit routing/transit + 17-digit account number):
- Either: a dedicated routing number for tokens, similar to the URT used by UPIC
- Or: the existing bank routing number with a specified account number range

Slide 9: Control attributes increase token security

Control attributes (differ based on risk profiles):
- Domain control: limits the use of a token based on criteria provided by the RDFI. These could include credit-only (with or without reversals), credit vs. debit, originator ID restrictions, dollar limits, velocity limits, etc.
- Expiration: tokens expire based on rules set by each RDFI.
- Token assurance level: a value that represents the level of confidence in the ID&V that was performed to authenticate the accountholder.
- Cryptogram (only certain use cases): adds a dynamic element to tokens, demonstrating authorized use of the token. Designed to prevent tokens stolen from an originator from being used to generate unauthorized transactions.

[Diagram: security increases from a bare token, to a token with domain control, to a token with domain control and a cryptogram.]
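As an added example (not from the deck, and not The Clearing House's code), the following Python models a bank-run token vault for the DDA tokens of slides 8 and 9 and the token/account exchange of slide 4: a format-preserving token made of a 9-digit R/T plus a 17-digit account number in a reserved range under the bank's own routing number (slide 8, option 2), the ABA check-digit routine, an expiration date, an assurance level, domain controls (credit-only, originator ID, dollar and velocity limits) and a per-entry HMAC cryptogram. Every routing number, account number, originator ID, limit and message field is made up, and the entry dictionary is an assumed shape rather than any ACH record layout.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from datetime import date, timedelta

def aba_check_digit(first8: str) -> int:
    """ABA routing/transit check digit: weights 3,7,1 repeating over the first 8 digits."""
    total = sum(int(d) * w for d, w in zip(first8, (3, 7, 1, 3, 7, 1, 3, 7)))
    return (10 - total % 10) % 10

def valid_routing(rtn: str) -> bool:
    return len(rtn) == 9 and rtn.isdigit() and int(rtn[8]) == aba_check_digit(rtn[:8])

BANK_RTN = "12345678" + str(aba_check_digit("12345678"))  # hypothetical RDFI R/T ("123456780")
TOKEN_PREFIX = "99"  # slide 8 option 2: the bank's own R/T plus a reserved account-number range

@dataclass
class DomainControl:
    originators: frozenset            # originator IDs allowed to present the token
    credit_only: bool = True          # credits only (pushes into the account)
    max_amount_cents: int = 0         # 0 = no per-entry dollar limit
    max_entries_per_day: int = 0      # 0 = no velocity limit
    require_cryptogram: bool = False  # dynamic element, see cryptogram()

@dataclass
class Token:
    routing: str
    account: str              # the format-preserving token value held by the originator
    real_account: str         # true DDA account number, held only in the vault
    expires: date
    assurance_level: int      # confidence in the ID&V performed at provisioning
    domain: DomainControl
    key: bytes                # cryptogram key: held by the consumer's app, never by the originator
    seen: dict = field(default_factory=dict)  # date -> entries accepted that day (velocity)

def cryptogram(key: bytes, entry: dict) -> str:
    """Per-entry cryptogram over every field the vault checks, so a captured value
    cannot be replayed with a different originator, amount or trace number."""
    msg = "|".join(str(entry[k]) for k in ("routing", "account", "originator", "type", "amount_cents", "trace"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()[:16]

class TokenVault:
    def __init__(self):
        self._tokens = {}

    def issue(self, real_account, domain, assurance_level, today, lifetime_days=365):
        acct = TOKEN_PREFIX + "".join(secrets.choice("0123456789") for _ in range(15))  # 17 digits
        tok = Token(BANK_RTN, acct, real_account, today + timedelta(days=lifetime_days),
                    assurance_level, domain, secrets.token_bytes(32))
        self._tokens[acct] = tok
        return tok

    def authorize(self, entry, today):
        """Token/account exchange: (real_account, None) when every control passes, else (None, reason)."""
        tok = self._tokens.get(entry["account"])
        if tok is None or entry["routing"] != tok.routing:
            return None, "unknown token"
        if today > tok.expires:
            return None, "token expired"
        d = tok.domain
        if entry["originator"] not in d.originators:
            return None, "originator not permitted"
        if d.credit_only and entry["type"] != "credit":
            return None, "debits not permitted"
        if d.max_amount_cents and entry["amount_cents"] > d.max_amount_cents:
            return None, "amount over limit"
        if d.max_entries_per_day and tok.seen.get(today, 0) >= d.max_entries_per_day:
            return None, "velocity limit"
        if d.require_cryptogram and not hmac.compare_digest(
                cryptogram(tok.key, entry), entry.get("cryptogram", "")):
            return None, "bad cryptogram"
        tok.seen[today] = tok.seen.get(today, 0) + 1
        return tok.real_account, None

def run_scenarios(today=date(2016, 1, 15)):
    vault = TokenVault()
    payroll = vault.issue("000123456789", DomainControl(frozenset({"PAYROLL-1"}), credit_only=True,
                          max_amount_cents=500_000, max_entries_per_day=1), 2, today)
    wallet = vault.issue("000123456789", DomainControl(frozenset({"WALLET-1"}), credit_only=False,
                         require_cryptogram=True), 3, today)
    pay = {"routing": payroll.routing, "account": payroll.account, "originator": "PAYROLL-1",
           "type": "credit", "amount_cents": 250_000, "trace": 1}  # constructed sample entries
    buy = {"routing": wallet.routing, "account": wallet.account, "originator": "WALLET-1",
           "type": "debit", "amount_cents": 4_999, "trace": 7}
    signed = {**buy, "cryptogram": cryptogram(wallet.key, buy)}  # the consumer's app signs the entry
    r = {}
    r["payroll credit"] = vault.authorize(pay, today)
    r["stolen token, other originator"] = vault.authorize({**pay, "originator": "MERCH-X"}, today)
    r["debit on credit-only token"] = vault.authorize({**pay, "type": "debit"}, today)
    r["over dollar limit"] = vault.authorize({**pay, "amount_cents": 600_000}, today)
    r["second credit same day"] = vault.authorize({**pay, "trace": 2}, today)
    r["after expiry"] = vault.authorize(pay, today + timedelta(days=400))
    r["wallet debit, no cryptogram"] = vault.authorize(buy, today)
    r["wallet debit, signed"] = vault.authorize(signed, today)
    r["signed entry replayed with new amount"] = vault.authorize({**signed, "amount_cents": 99_999}, today)
    return r

if __name__ == "__main__":
    for name, (acct, reason) in run_scenarios().items():
        print(f"{name:40s} -> " + ("posted to " + acct if acct else "REJECTED: " + reason))
```

Where the cryptogram key lives is the point of the last three scenarios: in this model it is held by the consumer's banking app rather than by the originator, which is what makes a token lifted from an originator's database useless for a debit on its own, and binding the cryptogram to amount and trace number is what stops a captured one from being replayed. The controls are applied in a fixed order, so a stolen token presented by another originator is rejected before any dollar, velocity or cryptogram test runs, and the vault never reveals the real account number on a rejected entry.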

Slide 10: Three tokenization options for RDFIs

[Diagram: in each option the ACH flow is Originator -> ODFI -> Operator -> RDFI; what differs is where the TSP sits.]
- RDFI as TSP: banks may choose to deploy their own TSP service for their account holders.
- Operator as TSP: ACH operators are a natural candidate for TSP service due to their central role in routing transactions.
- Third party as TSP: third parties (e.g., core processors) may offer TSP services to their financial institution clients.

Slide 11: Where do ACH tokens come from?

Provisioning methodology, tokenization use case, and description:
- Batch push: Token Notification of Change (COR). Unsolicited replacement of DDA credentials with tokens. Can be used anywhere DDA information is held on file, including payroll providers, billers, merchants and digital wallets.
- Batch pull: Token prenote followed by NOC (COR). The originator requests a token in order to replace DDA credentials. For any originator with DDA information on file who wants to request a token prior to a forward transaction: payroll providers, billers, merchants.
- Real-time push: Banking application. The consumer gets a token from the banking application and provides the token directly to the originator, or the banking application pushes the token directly to the originator. Allows the consumer to protect their information by never providing it to originators: ecommerce / mcommerce, mobile payments / digital wallets, payroll, billers, account-to-account transfers.
- Real-time pull: Provisioning API. The originator needs a token in real time. For situations where there is little time between consumer registration and the initial forward transaction: ecommerce / mcommerce, mobile payments / digital wallets.

Slide 12: What does a tokenized future look like?

- Mass data breaches don't become mass payment fraud events
- Use of credit-push payments (ACH and real-time) accelerates as receivers feel safe providing tokens to payers instead of account numbers
- The concept of an account number becomes increasingly irrelevant to customers