With all this talk about achieving a global standard in tokenization, how much of it has it really helped in securing payments?
According to NFC World, “The new tokenization framework being developed by EMVCo (collectively owned by American Express, Discover, JCB, MasterCard, China UnionPay, and Visa) for the world’s major payments networks will enable EMV chip card transactions to be made on a mobile phone using the widest possible range of “last inch” technologies.”
Now that sounds really amazing especially with the these new specification delivering the promise of consistency, security and global interoperability to where the digital payments community are concerned with mobile devices that vary in all sorts of shapes and sizes.
And if it’s true, it will definitely be the catalyst in releasing the floodgates of digital commerce where security, speed and convenience matters the most. But who does it benefit the most truly?
For the average consumer, the idea of credit card security can be intimidating and most people would be alright with the idea of being semi-aware of credit card protection without understanding the full details. And that’s okay because honestly, many experts in the payments field speak a lot of jargon and it’s only normal to not be able to process all of these technical information.
And that… shouldn’t be the case because everyone should be entitled to being aware about their financial security.
So let’s first begin to explore how what tokenization really means:
“Tokenization is a security process where data is replaced by identification symbols that retain the contents of the original data in a secure manner. Each set of sensitive data becomes its own unique pattern. So if data systems were compromised, hackers would get a tokenized number instead of a customer’s credit card number.”
And so, tokenization presents itself as one of the best ways to secure any card holder’s data environment because if you don’t have the information in the first place, you can’t be the source of a stored data compromise. It’s as simple as it gets.
Unlike EMV, tokenization doesn’t require a mass overhaul of a payment system. Instead, it works with an organization’s existing structures, with the heavy lifting being done by the tokenization vendor that stores the credit card data, generates the tokens, and keeps track of them through the entire transaction process.
But really, the main driver between the EMV migration is card-related financial fraud and sources indicate that the best efforts of global law enforcement agencies indicate that global losses have risen steadily with the increasing pressure to find a global solution with estimated annual costs of card fraud in the U.S alone amounting up to $8.6 billion per year.
Experts believe that the figure will spike up to $10 billion or higher by 2015 if the U.S doesn’t make any significant progress with chip card adoption.
Now this is where payment conglomerates, EMVCo steps in to increase its focus from chip-based payments to include tokenization because it makes market domination over the world of payments way easier by introducing a global standard.
Christina Hulka, EMVCo Board of Managers Chair stated that:
“Existing payment tokenization systems are proprietary in nature and are not interoperable. This is why specifications are needed,”
“A global specification to address tokenization will provide all stakeholders with a consistent, secure, reliable, and interoperable environment for digital payments. For consumers, enhanced security can lead to improved confidence in conducting digital payments. For merchants, this will enable them to confidently launch new technologies, knowing that they are building on a common framework that will be scalable to future industry requirements.”
But before we introduce EMVCo as the messiah to the current payments plague, the problem that persists is the accompanying liability shift, meaning to say that issuers and merchants using non-EMV compliant devices that choose to accept transactions made with EMV-compliant cards assume liability for any and all transactions that are found to be fraudulent.
Liability isn’t something that everybody wants in the long haul, and while this threat of assumed liability does not mean that the involving parties in card-based transaction are required to make the shift towards EMV compliance as quickly as possible, this translates to issuers, acquirers, merchants and other parties to begin charting their plan of action especially when they have not accommodated the EMV’s ironic plans for interoperability.
What makes tokenization a special fit to the overall data protection puzzle is that it has the ability to change the way as to how people are looking towards managing and securing data as opposed to simply changing networks or infrastructure.
And the bottom line remains that tokenization, represents the biggest barrier that cyber criminals will ever breach for now at the very least.