Payment tokenisation is the process of replacing a traditional primary account number (PAN) with a unique payment token that is restricted in how it can be used with a specific device, merchant, transaction type or channel. It therefore enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs.
An EMV® Payment Token is used as part of the payment chain and, when submitted in a transaction to the payment system, would cause a payment to occur. One PAN may have multiple EMV® Payment Tokens associated with it depending on the usage scenario.
EMVCo first launched its EMV® Payment Tokenisation Specification – Technical Framework in 2014 to address the needs of digital payments including e-commerce, and minimise the fraud risk associated to an exposure of PANs. The document describes the payment tokenisation landscape, key entities and the data fields to be implemented to support a payment tokenisation service. From a technical perspective, the framework explains the acceptance of payment tokens as a replacement to PANs and how security can be improved by limiting their use to a specific environment.
Any industry participant wanting to build an EMV® payment token solution can use the technical framework.
In addition to the specification technical framework, EMVCo manages and evolves:
For further technical details visit the EMV® Payment Tokenisation webpages.
Please note that EMVCo does not mandate the use of its specifications and industry participants are free to choose from any or all of the related EMV® technical documents to address their customer and market needs. Learn more about how EMVCo operates.
Q: What is an EMV® Payment Token?
A: A Payment Token is a surrogate value that replaces the primary account number (PAN) in the payment ecosystem. Payment Tokens are designed to provide transparency to payment ecosystem stakeholders when accepting and processing Payment Tokens.
Payment Tokens are restricted to specific domains. For example, a Payment Token may be usable only within the e-commerce acceptance channel at a specific Merchant.
Q: What is the role of EMVCo within Payment Tokenisation?
A: EMVCo defines the Technical Framework to generate, deploy and manage Payment Tokens in a reliable and interoperable manner globally at the point of acceptance. The aim is to provide a level of commonality across the payment ecosystem to support adoption while enabling levels of differentiation that promote innovation. This is achieved while maintaining compatibility with the existing payment infrastructure and providing the potential for increased security by limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs.
Q: What are the benefits of using a Payment Token based on EMVCo’s Technical Framework?
A: Payment Tokenisation enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs. Payment Tokenisation achieves this by replacing PANs with Payment Tokens that differ significantly in terms of the ability to control or restrict usage to its intended use, e.g. a device or other domain.
The implementation of Payment Tokenisation solutions aligned with the Technical Framework provides opportunities to enhance the security of digital payments for Issuers, Merchants, Acquirers, payment processors and stakeholders in the broader acceptance community.
In this webcast, recorded in October 2016, Clinton Allen, Chair of EMVCo’s Payment Tokenisation Working Group, provides an overview of Payment Account Reference (PAR) and why it has been introduced, and offers insight into the focus and nature of EMVCo’s activity in this area.
On 16 November 2017, EMVCo partnered with the Secure Technology Alliance to deliver a webinar on the latest EMV® Payment Tokenisation Specification – Technical Framework v2.0 updates.