SIGN UP LOG IN

EMV® Payment Tokenisation Press Kit

Payment tokenisation is the process of replacing a traditional primary account number (PAN) with a unique payment token that is restricted in how it can be used with a specific device, merchant, transaction type or channel. It therefore enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs.

An EMV® Payment Token is used as part of the payment chain and, when submitted in a transaction to the payment system, would cause a payment to occur. One PAN may have multiple EMV® Payment Tokens associated with it depending on the usage scenario.

EMVCo first launched its EMV® Payment Tokenisation Specification – Technical Framework in 2014 to address the needs of digital payments including e-commerce, and minimise the fraud risk associated to an exposure of PANs. The document describes the payment tokenisation landscape, key entities and the data fields to be implemented to support a payment tokenisation service. From a technical perspective, the framework explains the acceptance of payment tokens as a replacement to PANs and how security can be improved by limiting their use to a specific environment.

Any industry participant wanting to build an EMV® payment token solution can use the technical framework.

In addition to the specification technical framework, EMVCo manages and evolves:

  • A registration service for token service providers, which uniquely identifies the pairing of a ‘token requester’ with a token service provider and helps achieve transparency of the entity that provided the payment token.
  • A newly defined data element – EMV® Payment Account Reference (PAR) – which enables merchants, acquirers and payment processors to link together a cardholder’s EMV® Payment Token with their PAN transactions without needing to use their underlying card account number. This ensures all payments are processed in a consistent manner.
  • A registration process for Banking Identification Number (BINs) Controllers, who are responsible for the governance of PARs which link to the BINs under their direct control.

For further technical details visit the EMV® Payment Tokenisation webpages.

Please note that EMVCo does not mandate the use of its specifications and industry participants are free to choose from any or all of the related EMV® technical documents to address their customer and market needs. Learn more about how EMVCo operates.

FAQs

Q: What is an EMV® Payment Token?

A: An EMV® Payment Token is a surrogate value that replaces a primary account number (PAN) in the payment ecosystem. It is used as part of the payment chain and, when submitted in a transaction to the payment system, would cause a payment to occur. One PAN may have multiple EMV® Payment Tokens associated with it depending on the usage scenario. Payment tokens are restricted to specific domains. For example, a payment token may be usable only within the e-commerce acceptance channel at a specific merchant. They can be updated for a variety of reasons, such as in the event of a lost or stolen device or other lifecycle events.

Q: What is the role of EMVCo within this area?

A: EMVCo defines the technical framework to generate, deploy and manage payment tokens in a reliable and interoperable manner globally. This technical framework must maintain compatibility with the existing payment infrastructure while delivering consistency and achieving a common level of robust security.

Q: What are the benefits of using a payment token based on EMVCo’s framework?

A: Payment tokenisation enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs. Payment tokenisation achieves this by replacing PANs with payment tokens that differ significantly in terms of the ability to control or restrict usage to a particular transaction environment, device or other domain. The implementation of payment tokenisation solutions aligned with EMV® Payment Tokenisation Specification – Technical Framework v2.0 provides opportunities to enhance the security of digital payments for issuers, merchants, acquirers, payment processors and stakeholders in the broader acceptance community.

View all related FAQs (PDF)

Resources

Webcast – Payment Account Reference

In this webcast, recorded in October 2016, Clinton Allen, Chair of EMVCo’s Payment Tokenisation Working Group, provides an overview of Payment Account Reference (PAR) and why it has been introduced, and offers insight into the focus and nature of EMVCo’s activity in this area.

The Evolution of Payment Specs and Tokenization – Part 1

In this joint webinar, recorded in October 2015, EMVCo and the Smart Card Alliance (now the Secure Technology Alliance) explore the evolution and current status of the U.S. payments market and discuss the importance of global standards to provide interoperability in the complex U.S. payments ecosystem.

The Evolution of Payment Specs and Tokenization - Part 2

In this joint webinar, recorded in November 2015, EMVCo and the Smart Card Alliance (now the Secure Technology Alliance) provide an overview of payment tokenisation technology and how it is utilised to secure the payment infrastructure.