The Green Sheet Online Edition
October 09, 2018 • Issue 18:10:01
Card-on-file EMV payment tokenization
We want to thank André Stoorvogel, Director, Product Marketing, Payments at Rambus for offering insights on card-on-file EMV payment tokenization, which are excerpted below:
- The size and value of the card-not-present (CNP) market is increasing exponentially as payment use-cases across ecommerce, mcommerce and the Internet of Things emerge and mature.
- Collecting and storing payment credentials for future use, known as card-on-file, is fundamental to the remote commerce ecosystem. Although payment methods utilizing card-on-file offer convenience, they also create challenges, and CNP fraud continues to surge worldwide. Merchants must address the growing threat of card-on-file databases being compromised and credentials being used fraudulently. In a constant battle against cart abandonment, they must also ensure that additional security measures do not compromise the user experience.
- Security approaches can fight fraud without compromising the user journey. EMV payment tokenization describes the process of replacing a primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel. Tokens can move through the transaction flow in the same way as the original PAN, meaning merchants can strike an effective balance between high security and a frictionless buying experience.
- With card-on-file EMV payment tokenization merchants only store payment tokens, not actual card numbers, in their databases. This delivers security benefits to the digital commerce ecosystem by reducing risk and mitigating the impact of malware, phishing attacks and data breaches. Better fraud prevention has a tangible impact on consumers and merchants.
- Card-on-file tokenization systems enable consumer payment details to be instantly refreshed when a card is lost, stolen or expires. There is no need for a consumer to log into an online shopping account to update their details, or to miss out on a subscription due to redundant card credentials. Merchants can benefit from increased convenience. For example, it helps reduce the regulatory burden and costs associated with ensuring PCI DSS compliance for stored card credentials.
Please share your ideas on tokenization or other matters of interest to the payments community at email@example.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.