The Evolution of Payments: From EMV to CoF e-Commerce


The “arms race” surrounding technology is fostering an environment heavily focused on innovation, creation and advancement within today’s payments landscape. Though the financial industry has been slightly hesitant to adopt major changes to the status quo, it is now rapidly evolving to align with the changing times. This evolution began years ago with the introduction of credit cards as a means for purchasing goods and services without direct cash in hand.

While the introduction of the credit card represented a significant change for the payments industry, the evolution of payments continues to move at lightning speed. However, when it comes to introducing new technologies, data security remains a major concern.

The introduction of EMV chip card technology revolutionized payments security both in the U.S. and abroad. And while adoption of this technology has been slow, according to Market Research Hub, the global EMV point-of-sale terminal market is expanding at a compound annual growth rate of 9.9 percent through 2021.

However, despite EMV’s continued implementation, e-commerce has emerged as a favorite for today’s consumers, who are rapidly switching to online shopping due to its ease of use. As a result, mobile wallets, payment apps and mobile shopping are now commonplace, and their familiarity and adoption is only growing. According to eMarketer, e-commerce is growing immensely, and in 2017 alone, mobile commerce (m-commerce) via smartphones and devices represented more than one-third of all retail e-commerce sales in the United States. Worldwide retail e-commerce sales are forecast to hit $4.5 trillion by 2021, holding 16 percent of the market share, according to eMarketer. This data compels payments technology companies to continue developing innovative strategies to stay ahead of the market, while also protecting customers’ sensitive information.

With that said, growth in the realm of e-commerce also invites openings for card fraud and security breaches. According to, the Identify Theft Resource Center (ITRC) counted 791 reported data breaches in the U.S. during the first six months of 2017 alone. The threat of breaches is top-of-mind, not only for cardholders, but also for card issuers who want their customers to trust that their information is safe. To quell that threat, payments providers adopted the process known as tokenization. Tokenization occurs when a customer’s primary account number (PAN) is replaced with a series of tokens that pass through the Internet or various wireless networks without exposing the actual bank account details. Tokenization allows for secure payments processing, and has led to yet another advancement: credential-on-file (CoF) e-commerce.

CoF e-commerce occurs when a merchant stores their customers’ card information on file for future or recurring purchases. Storing the credentials lets merchants remind customers of new payments, offers an easy method for purchasing new products and saves time by eliminating the need to enter new card information at every purchase. Long term, CoF e-commerce can employ tokenization to replace the customers’ static card data that they are currently receiving. These tokens—used only by that merchant—create a “walled garden” of information that has no value to anyone else, and the tokens are of such little value to attempted fraudsters that the merchant is less a target for intrusion.

The adoption of new processes like tokenization may seem daunting, but expanding tokenization into the CoF e-commerce sector is completed entirely behind the scenes and requires little to no effort from cardholders or issuers. In fact, the issuer only must set up tokenization with their card brand. The ease of integration and promise of higher security makes tokenization the obvious choice for a secure e-commerce world, especially as fraudsters continue to multiply and pose a greater threat to institutions and consumers.

About the author

In his role, Matt Herren has employed advanced analytics and data analysis to not only react to fraud, but also to prevent it. As the product manager for Payment Analytics, Matt has expanded CSI’s ability to address fraud through early identification of merchant breaches and fraudulent testing techniques. His work helps to increase bank profitability through fraud mitigation and card portfolio analysis, allowing customers to realize industry-leading results and maximize program performance.