fbpx
PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Secure Tokenization: How and Why

Don Apgar by Don Apgar
January 5, 2022
in Analysts Coverage, Tokenization
0
Secure Tokenization: How and Why

Secure Tokenization: How and Why

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The Reserve Bank of India (RBI) continues to be proactive in regulating card-based transactions to ensure the consumer confidence in security and utility is protected as the country approaches what experts have described as a digital tipping point. The RBI has issued guidance requiring that all card transactions be tokenized beginning Jan 1 of this year, both for POS transactions and card-on-file (COF) or subscription sales. Tokenization is the process of replacing the user’s card credentials with a substitute number generated by a secure algorithm. The token by itself is valueless, so if a merchant’s system is hacked, the only payment data exposed are tokens, not actual card credentials that can be used by fraudsters or sold on the dark web. 

The process of tokenization happens inside what’s called a token vault, where the tokenization algorithm is stored, and the only place where a token can be exchanged for the Primary Account Number (PAN). Both card issuers and merchant processors operate token vaults that address different use cases for card security. In the case of digital wallet transactions like ApplePay or GooglePay, the user’s card credentials are stored in the digital wallet or on the mobile device as a token, which is then is sent to the point-of-sale (POS) terminal via NFC. The merchant processor then routes that transaction to the Apple token vault to exchange the token for the PAN that can then be routed to the card issuer for authorization. NFC-enabled cards work similarly, with those tokens managed by the card issuers directly. In the case of recurring or COF transactions where the user has supplied their PAN credentials to the merchant, the initial transaction is tokenized by the merchant processor and the token returned to the merchant for storage. When the merchant presents the token on subsequent transactions, the processor runs it through their token vault to retrieve the PAN that can be sent to the issuer for authorization.

This rule from the RBI follows guidance issued last year requiring merchants to obtain the user’s approval before every recurring charge is billed. Consumers signing up for a monthly subscription must be contacted every month for their approval to process the current month’s charges.

Overview by Don Apgar, Director, Merchant Services Advisory Practice at Mercator Advisory Group

Tags: CoFMerchantPOSSecure PaymentsSecurityTokenTokenization
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily
    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    Why Complying with New PCI Standards Should Be Your Top Priority

    Why Complying with New PCI Standards Should Be Your Top Priority

    July 6, 2022
    Why Digital Trust Should Be a Top Priority For Banks

    Why Digital Trust Should Be a Top Priority For Banks

    July 5, 2022
    Digitization and Competition are Driving New Go-to-Market Models for Commercial Bankers

    Digitization and Competition are Driving New Go-to-Market Models for Commercial Bankers

    July 1, 2022
    SCA Compliance: Making It Work for Your Business

    SCA Compliance: Making It Work for Your Business

    June 30, 2022
    Fintech Ecommerce Revolution: The Ultimate Trends

    Fintech Ecommerce Revolution: The Ultimate Trends

    June 29, 2022
    Why Banks and Credit Unions Need Multiple Real-Time Payments Options

    Why Banks and Credit Unions Need Multiple Real-Time Payments Options

    June 28, 2022
    Unburdening Financial Institutions from Legacy Payments Systems

    Unburdening Financial Institutions from Legacy Payments Systems

    June 27, 2022
    Digital Enablement Capabilities Enhance the Online Customer Journey

    Digital Enablement Capabilities Enhance the Online Customer Journey

    June 24, 2022

    • Advertise With Us
    • About Us
    • Terms of Use
    • Privacy Policy
    • Subscribe
    ADVERTISEMENT
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • COVID-19
    • News
    • Resources

    © 2022 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result