EMV® Payment Tokenisation Payment transactions are more secure due to the concept of Payment Tokenisation. The Payment Tokenisation Specification provides an interoperable Technical Framework that will benefit Acquirers, Merchants, Card Issuers, and Cardholders. This Technical Framework describes a global Payment Tokenisation ecosystem that overlays and interoperates with existing payment ecosystems to support digital commerce and new methods of payment.
| Version | Published | Description | Related Bulletins |
|---|---|---|---|
| 2.0 | 08 Sep 2017 | EMV® Payment Tokenisation Specification – Technical Framework | See All |
EMVCo has established a Token Service Provider Code (“TSP Code”), which is a 3 digit code assigned to Token Service Provider (“TSP”) and maintained by EMVCo. The TSP Code is included in the Token Requester ID, which uniquely identifies the pairing of Token Requester with the Token Service Provider. This helps achieve transparency of the entity that provided the Payment Token.
EMVCo has established a BIN Controller Identifier Registration (“BIN Controller ID”), which is a 4 character value assigned to a BIN Controller for purposes of Payment Account Reference (PAR) governance, with registration being maintained by EMVCo.
| Version | Published | Description |
|---|---|---|
| 0.1 | 10 Aug 2018 |
Payment Tokenisation – A Guide to Use Cases: Comment Period Ends 9 Oct 2018 |
| 2 | 08 Jun 2018 |
EMVCo White Paper on Payment Account Reference |
| 1 | 28 Nov 2017 |
Webinar: EMV® Payment Tokenisation: What’s New? |
| 1 | 31 Oct 2016 |
Webinar: Payment Account Reference (PAR) |
| 1.1 | 21 Oct 2016 |
EMV® Level 3 Testing Framework – Process Enhancements |
| 1 | 18 Mar 2015 |
GB nº 001, Formal Adoption of Level 3 |
Q: What is an EMV® Payment Token?
A: An EMV® Payment Token is a surrogate value that replaces a primary account number (PAN) in the payment ecosystem. It is used as part of the payment chain and, when submitted in a transaction to the payment system, would cause a payment to occur. One PAN may have multiple EMV® Payment Tokens associated with it depending on the usage scenario. Payment tokens are restricted to specific domains. For example, a payment token may be usable only within the e-commerce acceptance channel at a specific merchant. They can be updated for a variety of reasons, such as in the event of a lost or stolen device or other lifecycle events.
Q: What is the role of EMVCo within this area?
A: EMVCo defines the technical framework to generate, deploy and manage payment tokens in a reliable and interoperable manner globally. This technical framework must maintain compatibility with the existing payment infrastructure while delivering consistency and achieving a common level of robust security.
Q: What are the benefits of using a payment token based on EMVCo’s framework?
A: Payment tokenisation enhances the underlying security of digital payments by potentially limiting the risk typically associated with compromised, unauthorised or fraudulent use of PANs. Payment tokenisation achieves this by replacing PANs with payment tokens that differ significantly in terms of the ability to control or restrict usage to a particular transaction environment, device or other domain. The implementation of payment tokenisation solutions aligned with EMV® Payment Tokenisation Specification – Technical Framework v2.0 provides opportunities to enhance the security of digital payments for issuers, merchants, acquirers, payment processors and stakeholders in the broader acceptance community.
View all related FAQs (PDF)Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries. They are also eligible to attend relevant meetings to discuss the Specifications.
