EMV Payment Tokenisation enhances transaction security by removing the most valuable data to a fraudster within a transaction, the primary account number (PAN), and replacing it with a unique alternative value, a payment token.
Payment tokens can be limited in how and where they are used to prevent their use outside of specific defined parameters. For example, a payment token can be limited for use at a single merchant, whereby any attempt to use the payment token in a transaction at another merchant will fail.
Within the payment ecosystem, a PAN can be tokenised at different points to improve security, for example, within the merchant environment tokenisation can happen between the merchant and acquirer.
EMV Payment Tokenisation enables a payment token to be used in a payment transaction from point of purchase, passing across payment networks between acquirers and card issuers, through to payment authorisation by the card issuer. EMV Payment Tokens are compatible with other forms of tokenisation such as acquirer and/or security tokens.
EMV Payment Tokenisation activity comprises three key areas of work:
EMVCo manages and assigns TSP Codes worldwide to ensure that each TSP issuing EMV Payment Tokens is uniquely identifiable on a global basis
– BIN Controller Registration Programme
EMVCo manages and assigns BIN Controller IDs (BCID) numbers worldwide to ensure that within the supporting context of EMV Payment Tokens, they can effectively implement PAR without clashes or conflicts.
Q: What is an EMV Payment Token?
A: A Payment Token is a surrogate value that replaces the primary account number (PAN) in the payment ecosystem. Payment Tokens are designed to provide transparency to payment ecosystem stakeholders when accepting and processing Payment Tokens.
Payment Tokens are restricted to specific domains. For example, a Payment Token may be usable only within the e-commerce acceptance channel at a specific Merchant.
Q: What is the role of EMVCo within Payment Tokenisation?
A: EMVCo defines the Technical Framework to generate, deploy and manage Payment Tokens in a reliable and interoperable manner globally at the point of acceptance. The aim is to provide a level of commonality across the payment ecosystem to support adoption while enabling levels of differentiation that promote innovation. This is achieved while maintaining compatibility with the existing payment infrastructure and providing the potential for increased security by limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs.
Q: What are the benefits of using a Payment Token based on EMVCo’s Technical Framework?
A: Payment Tokenisation enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs. Payment Tokenisation achieves this by replacing PANs with Payment Tokens that differ significantly in terms of the ability to control or restrict usage to its intended use, e.g. a device or other domain.
The implementation of Payment Tokenisation solutions aligned with the Technical Framework provides opportunities to enhance the security of digital payments for Issuers, Merchants, Acquirers, payment processors and stakeholders in the broader acceptance community.
This quick resource provides a high-level overview of how EMV SRC, 3DS and Payment Tokenisation Specifications support global adoption of fraud-fighting technologies for reliable and convenient online commerce.
Watch this recording from Brian Bryne, EMVCo’s Director of Operations and Engagement, to learn the benefits and value that EMV Payment Tokenisation can bring to the payment community and the role that EMVCo plays.