The payments industry is evolving to support payment form factors that provide increased protection against counterfeit, account misuse, and other forms of fraud. While EMV chip cards provide substantial protection for card-present transactions, a similar need exists for ‘card-not-present’ and emerging transaction environments which combine elements of ‘card-present’ and ‘card-not-present’ transactions. It is generally agreed that Payment Tokenisation systems hold substantial promise to address these needs.
Payment Tokens may be used with all Cardholder Verification Methods (CVMs), including signature, online and offline PIN, and no-CVM. If an online PIN is used with a Payment Token, in accordance to ISO 9564-1 PIN Block Format 0 or Format 3, the PIN Block would include the Payment Token in lieu of the PAN. The Token Service Provider will be responsible for ensuring that the Card Issuer receives the PIN Block with the PAN or Payment Token, as appropriate, for validation.
In order for Payment Tokens to provide improved protection against misuse, the Payment Token is limited to use in a specific domain, such as to a specific merchant or e-commerce acceptance channel. These underlying usage controls are a key benefit of Payment Tokens and the EMV Payment Tokenisation Specification – Technical Framework v1.0 describes methods for their implementation.
There are benefits for all stakeholders that will help encourage adoption of Payment Tokens:
- Card Issuers and Cardholders may benefit from new and more secure ways to pay, improved transaction approval levels, and reduced risk of subsequent fraud in the event of a data breach.
- Acquirers and Merchants may experience a reduced threat of online attacks and data breaches, as well as benefit from the higher assurance levels that Payment Tokens offer.
- Payment processing networks will be able to adopt an open specification that facilitates interoperability and helps to reduce data protection requirements for the Payment Network and its participants.