Quick Guide. Token Service Provider

Similar documents
Quick Guide. Token Service Provider

HCE E-Book HOST CARD EMULATION: NFC S MISSING LINK

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

Tokenization: The Future of Payments

Mobile and Contactless Payments Requirements and Interactions

Tokens, Tokens, Tokens: What are the different kinds of tokens and what do they do?

HCE Driving NFC: From Idea to Reality to Ubiquity. Mobey Day October 7/8, 2014

Tokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC

Tokenization: What, Why and How

The Evolution of Payment Specifications and Tokenization. Smart Card Alliance and EMVCo Webinar November 4, 2015

EMV Migration Forum. How EMV Significantly Lessens the Impacts of Data Breaches. David Worthington, Principal Consultant// 12th March 2014

Best Practices For Tokenization Projects In The Payments Industry

In this Document: EMV Payment Tokenisation Payment Account Reference (PAR) FAQ EMV Payment Tokenisation Technical FAQ

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Top 5 Facts Merchants Need To Know About EMV

EMV: Facts at a Glance

Semi-Integrated EMV Payment Solution

Apple Pay and Tokenization Background and Overview

Ignite Payment s Program on EMV

Introduction to EMV BEYOND PAYMENT

EMV: Strengthen Your Business Through Secure Payments

Healthcare Identity Authentication and Payments Convergence: A Vision for the Healthcare Industry

Is Your Organization Ready for the EMV Challenge?

VARTECH NATION. EMV Certification for IT Professionals

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

EMV Implementation Guide

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

EMV Terminology Guide

EMV FAQ S FROM A MERCHANT S PERSPECTIVE

EMV Validation (on-behalf of) Service

ADDING VALUE TO SECURITY. How Issuers Can Leverage Tokenization to Capture New Revenue-Generating Opportunities. firstdata.com

The Evolution of Payment Specifications and Tokenization. Smart Card Alliance and EMVCo Webinar October 1, 2015

Beyond Tokenization Ensuring secure mobile payments using dynamic issuance with on-device security and management

The Small Business Guide to Mastering EMV

TAS CASHLESS 3.0 FOCUS ON. The absolute framework for electronic payment management. CASHLESS 3.0: the ultimate. payment experience

EMV THE DEFINITIVE GUIDE FOR US MERCHANTS AND POS RESELLERS

Heartland Payment Systems

EMV A Chip Off the New Block

EMV in the U.S. Liability shift; what does this mean for the U.S.?

TOKENIZATION: THE FUTURE OF ACCOUNT NUMBERS. Steve Ledford The Clearing House

EMV: The Next Generation of Payments

EMV and Educational Institutions:

Why contactless pickpocketing is impossible

TRANSPORT TICKETING IN INDIA. How to create a sustainable ecosystem

Stock Taking Exercise & Implementation plan Progress Report

See Your Customers, Not Payment

Is there a case for the regulation of Tokenization services?

EMV Secure Remote Commerce. Frequently Asked Questions (FAQ)

EMV is coming. But it s ever changing.

Effective Communication Practices for U.S. Chip Migration. Communication & Education Working Committee June 2014

Visa s Future of Security Roadmap: Australia

Transaction Management & Payment Solutions

The Changing Landscape of Card Acceptance

EMV 3-D Secure Press Kit Q&A

BANKWORLD POS. Today s solution for tomorrow s self-service bank BANKWORLD BANK ON THE FUTURE WITH TODAY S TECHNOLOGY CR2.COM

Aconite Smart Solutions

PCI BLOG. P2PE, EMV, Tokenization, Oh My!

ECSG (Vol Ref. 8.A01.00) SEPA CARDS STANDARDISATION (SCS) VOLUME. Payments and Cash Withdrawals with Cards in SEPA

Testing & Certification Terminology

The Future of Payment Security in Canada

EMV Adoption in the U.S.

MAKE WAY FOR THE EMV CREDIT CARD. What You Need to Know for a Smarter POS Strategy.

Innovation at Scale. James Anderson Executive Vice President Mastercard

SellWise User Group. Thursday, July 16, Presenters. Will Atkinson, President CAP/Sellwise Mike Watkins, Member Care & Shared Services

EMV: Frequently Asked Questions for Merchants

WHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal

EMV and Apple Pay. The world of credit cards is on the move.

EMV Frequently Asked Questions for Merchants May, 2015

HCE, Apple Pay Real NFC Game-Changers? WHITE PAPER

HCE, Apple Pay The shock of simplifying the NFC? WHITE PAPER

EMVCo: Operating Principles

CHIP CARDS. Banks are issuing payment cards embedded with security chips to help protect you against fraud at the register. What is a Chip Card?

Technology Developments in Card-Based Payments WACHA Payments 2013

Proxama PIN Manager. Bringing PIN handling into the 21 st Century

Frequently Asked Questions

EMV 3-D Secure Press Kit Q&A

ATM Webinar Questions and Answers May, 2014

EMV: GET READY. Michelle Thornton, CO-OP Financial Services

EMV Basics and the market

Pinless Transaction Clarifications

Payment Digitalization and the University Smart Card

Investigating the myths and realities of contactless payment

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

Finding the Best Route for EMV in the US

Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization

Open Loop Payment systems

Crash Course: What are EMV and the EMV Liability Shift?

EMV Migration Updates and Next Steps

E-Debit International Inc. Introduction to Transaction Processing. Basic Overview of our Payment & Processing Systems 08/13

Card Payment acceptance at Common Use positions at airports

Helping merchants automate testing practices.

Target, the third largest retailer in the U.S., suffered a

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

Covering Your Bases: The State of EMV & Beyond

Frequently Asked Questions for Merchants May, 2015

How Safe Are Mobile Payments? MAC Webinar

Frequently Asked Questions

EMV Cards - Chipping Away at Fraud


Transcription:

Quick Guide Token Service Provider

Introduction to Mobile Payments The mobile payments revolution is here! Driven by the development of near field communication (NFC) enabled smartphones, the launch of various mobile payments platforms and a sharp increase in consumer demand, the contactless payments market is set to be worth $9.88 billion by 2018 (Source: MarketsandMarkets). The value of mobile payments is projected to hit $721 billion by 2017, increasing from $53 billion in 2010. (Source: Statista). The rise of mobile payments has been accompanied by a lexicon of new and technical buzzwords, many of which refer to security measures that can be applied to the mobile payments infrastructure. The tokenization process has given us a number of terms, among which token service provider features front and center. To fully appreciate the role of the token service provider, it is helpful to also understand tokenization technology and how it is utilized to secure mobile payments. "The value of mobile payments is projected to hit $721 billion by 2017, increasing from $53 billion in 2010."

What is Tokenization? Tokenization reduces the value of stored payment credentials by replacing them with a randomly generated number which resembles the customer s primary account number (PAN). This unique identifier, called a Payment Token or Tokenized PAN, is worthless if stolen as it essentially acts as a reference for a consumer s corresponding card data which only the card networks and/or the consumer s bank can map back to the original account. "The value of mobile payments is projected to hit $721 billion by 2017, increasing from $53 billion in 2010."

How Does Tokenization Secure Mobile Payments? Token PAN Phase 1 Prepare Tokenization A payment token is generated from the PAN. For security reasons, tokens can be restricted to be valid for single use and/or use within a specific domain. The token is then sent to the token vault, typically, a Payment Card Industry-compliant environment. Phase 2 Bank Loads Token on Device Tokens are loaded onto the consumer s mobile device as part of what is known as the virtual card profile. Approved Token Phase 3 Make a Payment The NFC device makes a payment at a merchant s contactless point-of-sale terminal using the token as the card number. Phase 4 Connect With Network Through The POS terminal sends the token to the acquiring bank, which sends it to the issuing bank through the payment network. Token Phase 5 Detokenize The issuer de-tokenizes the token to the real PAN and uses the real PAN for authorization and funds transfer. Phase 6 Finalize Payment The real PAN is re-tokenized and the authorization response is returned to the POS terminal.

What is a Token? A payment token is a surrogate randomly generated number which replaces the customer s PAN. Tokens are reversible and generated at the payment issuer level meaning that they can be securely mapped back to their original card account numbers by the provider of the payment token and authorized entities only. What is a Token? A payment token is a surrogate randomly generated Whatwhich is areplaces TokentheVault? number customer s PAN. Tokens are reversible and generated at the payment issuer level meaning they be securelyand mapped back to A tokenthat vault is can a centralized highly secure their original cardissued account numbers bythe the PAN provider of server where tokens, and the paymentthey tokenrepresent, and authorised entities only.` numbers are stored.

Where Does Tokenization Fit in the Payment Processing Chain? The implementation of tokenization has led to the involvement of new actors in the payments ecosystem. In a non-tokenized payment, the card information is simply sent down the payment processing chain from the merchant to the issuing bank which relays the information back down the chain. With a tokenized payment, however, there needs to be an entity within the ecosystem that issues and manages the tokens. This entity is known as a token service provider. What is a Token? A payment token is a surrogate randomly generated number which replaces the customer s PAN. Tokens are reversible and generated at the payment issuer level meaning that they can be securely mapped back to their original card account numbers by the provider of the payment token and authorised entities only.`

What is a Token Service Provider? The token service provider is an entity within the payments ecosystem that is able to provide registered token requestors for example the merchants holding the card credentials with surrogate PAN values such as dynamic/alternate PANs, otherwise known as payment tokens. These payment tokens can only be used temporarily in a specific domain such as a merchant s online website or a channel, for example a mobile device to make an NFC payment. Payment credentials are protected throughout the transaction as the surrogate data obtained from a data breach will be largely useless to hackers. The issuance and remote management of the payment credentials provided by token service providers must comply with specifications defined by EMVCo and the globalpayment schemes; this can take place in the cloud using HCE or on a smartphone inside a secure element. "The token service provider is an entity within the payments ecosystem that is able to provide surrogate PAN values."

What is The Role of a Token Service Provider Token service providers have the ability to issue and manage the entire lifecycle of payment credentials, implement tokenization to reduce payment card fraud and manage transactions to integrate with the existing authorization host by converting or validating cryptograms as well as performing processing checks. This process includes: 1. Tokenization 4. Domain Management Replacing the PAN with the token. 2. Detokenization Offers additional security by restricting tokens to use within a specific (retail) channel or domain. Converting the token back to the PAN using the token vault. 5. Identification and Verification 3. Token Vault Ensures that the payment token references a legitimate PAN from the token requestor. Establishing and maintaining the payment token to PAN mapping. 6. Clearing and Settlement` Ad-hoc detokenization during the clearing and settlement process.

Who Can Be a Token Service Provider? Token service providers are responsible for a number of other functions. They oversee the ongoing operation and maintenance of the token vault, deployment of security measures and controls, and the registration process of allowed token requestors. The token service provider can be a wholly independent party from the payment network or payment processor, or alternatively can be integrated with a payment network or payment processor. Essentially, any entity within the payment ecosystem can become a token service provider if they need to perform that role. How to Become a Token Service Provider Service providers can either draw on the services provided by selected payment schemes to manage the tokenization process. Alternatively, they can insource a solution to enable them to host and manage their own vault.

The Benefits of Becoming a Token Service Provider? In adopting the role of the token service provider, issuers, acquirers and merchants that wish to offer mobile payments to customers can manage all elements of the tokenization process. There are several reasons why entities, like issuing banks, would consider becoming a token service provider and manage their own tokens: Reduced Payment Network Fees Flexibility to Expand to Other Uses Issuing and managing tokens internally means you will not have to request tokens from a third party, saving service fees. Service providers can also avoid detokenization charges. Service providers that manage their own token vault can easily expand their services to encompass other related areas, such as embedded secure elements in mobile devices, the cloud, ecommerce or card on-file scenarios. Increased Security Service providers won t have to integrate with any third parties to perform this service, so their security is increased. They keep full control of the original PAN number and have no requirement to share it. They also have no need to integrate with third party external systems, which could generate security vulnerabilities. Reduced Time to Market Controlling a proprietary token vault means that service providers have the freedom to determine when and where to launch their tokenized services. Competitive Edge By taking control of the project, issuers can control the information shared outside of the organization. In taking a service, banks may need to share details of product and service development plans with third parties so that integration work can run in parallel. In a fast-paced market, banks and service providers don t want to share their roadmap outside of the organization to ensure they keep their competitive edge.

Conclusion Issuers worldwide rely on Rambus software to safely issue and manage credentials on many millions of smartcards, smartphones and connected devices. Whether it s EMV payments data stored on a chip card, in an NFC-enabled mobile device or in the cloud leveraging HCE, Rambus has the expertise to manage the lifecycle of any application on any form factor and has one of the largest teams worldwide dedicated to this field.

References 1. Transport statistics Great Britain 2016 UK Department for Transport 2. EMV in public transport: Needs and benefits Global Mass Transit Report 3. Ticket readers, single use The World Bank 4. EMV in public transport: Needs and benefits Global Mass Transit Report 5. Number of smartphone users worldwide from 2014 to 2020 (in billions) UK Statista Number of smartphone users in the United Kingdom (UK) from 2011 to 2018 UK Statista Near field communication (NFC) and transit: Applications, technology and implementation considerations Smart Card Alliance rambus.com/mobile-payments Rambus Inc. Stationsplein 45 A6.016 3013 AK Rotterdam, The Netherlands rambus.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback