Payment credential management specialist, Bell ID, has launched its Tokenization Manager software. The solution will be used by card issuers and merchants to enhance security and limit fraud by facilitating tokenized payments.
EMV payment tokenization is the process of replacing a personal account number (PAN) with a unique identifier, known as a ‘payment token’. The payment token can only be used in a specific domain such as a merchant’s online website, or channel for example a mobile device to make a near-field-communication (NFC) payment.
Pat Curran, Executive Chairman at Bell ID, explains: “As an example, tokenization replaces the need for merchants or digital wallet operators to store customers’ card data. As the payment tokens are created for a designated purpose, they are very unappealing to fraudsters as the data stolen cannot be used more widely. Tokenization will therefore prevent large scale attacks on merchants for card data, keeping confidential, sensitive information out of reach and helping to increase consumer trust. This is very important following a number of large scale data breaches in the US over the past year.”
Bell ID’s Tokenization Manager, which has already been deployed worldwide to support mobile NFC payments, provides Token Service Provider functionality in line with the EMV Payment Tokenization Specification – Technical Framework v1.0. It will be used by token requesters such as card issuers to manage payment tokens, digital wallet providers to deliver tokens to support mobile NFC payments, and merchants to replace card on-file storage of PANs.
The solution operates and manages a secure repository, referred to as a token vault, which maintains a link between the payment token and real PAN. It also generates the payment token and associated cryptographic data, provides de-tokenization services for transaction authorization and clearance, and delivers access to securely issue and manage the lifecycle of the token.
“The ability to manage the payment token securely and efficiently is very important, as it can be ‘unlinked’ from the PAN if the token is no longer required. For example if a mobile handset is lost or stolen or a customer closes their account with the merchant,” explains Curran. “We have leveraged our long-standing experience in this space to create a product that provides a seamless user experience for our customers and consequently end users, whilst increasing the security of mobile payment credentials. It is measures such as these that will pave the way for the mass market adoption of mobile payments.”