Payments are becoming more and more digitized as our economy adapts to consumer demands for convenience and choice. To protect and safeguard such sensitive information in a cost-effective and secure way, tokenization is key.
Historically, encryption has been the preferred method of protecting sensitive card and payment data. Vast databases of card numbers stored by merchants and service providers have been locked down with encryption keys. Yet breaches continue to occur as fraudsters find new ways to circumvent security. Even the use of PIN numbers at the point of sale (POS) has done little to stem the tide.
In response, the move toward tokenization is underway. Tokenization increases protection across all channels and, best of all, it reduces friction for consumers thereby making transactions simpler, smoother and faster.
Tokenized Security for Total Secrecy
Customers are justified in wondering why merchants maintain an enormous supply of credit card numbers. In the face of never-ending fraud attempts, why should large numbers of merchants and service providers be responsible to safeguard such sensitive information? Tokenization eliminates this problem as it allows consumers to buy things without ever giving out a credit card number.
Tokenization replaces card numbers with a unique identifier, or token, that cannot be mathematically reversed if a token is compromised. This collection of numbers is meaningless to hackers and keeps the actual card number invisible at all times – even the merchant never sees it. Instead, the payment data is securely stored in the data centers of the card issuer (VISA, MasterCard, American Express, etc.). The tokens are resolved in real time, meaning purchases can be made securely, and with no additional process steps that slow down or discourage the payment experience.
Beyond the POS
Tokenization promises to be a panacea for digital payments. Furthermore, tokenization should become a core driver for mobile, app-based, voice-activated personal assistants and e-payments of all kinds through all digital channels, whether online or in-store.
As customers begin to fully appreciate and leverage the growing emergence of the internet of things (IoT), tokenization represents the only realistic way to ensure security while maintaining true frictionless and intervention-free payments. As more devices are connected to the internet (around twenty billion devices by 2020, according to Gartner) keeping card details out of the equation is vital. Nobody wants to store their full card details flippantly. This is why tokens provide a safe and affordable mechanism to keep transactions simple, without the worry that a hacker will gain access to sensitive card information.
The IoT is certainly a game changer, but from a security perspective, security on the IoT simply depends on the ability to identify devices and their masters, and protect the data that those devices and masters manage and share. Tokenization services from major card issuers provide IoT device manufacturers a mechanism to embed secure payments into their connected devices.
Merchant Readiness in the Brave New World
So how can merchants take advantage of tokenization? In many ways, tokenization levels the playing field by simplifying the process and removing the need to secure large volumes of card data. Merchants and retailers need to connect to the various card issuer gateway tokenization services from Visa, MasterCard, American Express, etc. Each has their own token services, and connectivity can either be direct or through the usual payment processors that merchants typically utilize to resolve payments. This puts the burden on the card issuer to protect card data and resolve tokens with the user on a transactional level. Also, every time a customer uses a card at a merchant’s store, the same token number is given to the merchant’s system, making it easy for customers to pay with one click for future store purchases.
Banks and wallet providers have craved a way to complete enrollment simply and instantly, and to minimize registration abandonment. That’s important because e-commerce has an average abandonment rate of 75 percent. This high rate of transaction failure, primarily due to the process itself, is intolerable. These extra steps in the e-commerce checkout experience are comparable to the long user sign-up process in mobile payments. Both create friction and reduce the number of users that stick it out. Tokenization allows customers to sign up and be ready to pay within seconds – a huge factor in mobile payments convenience and adoption. These improvements offered by tokenization are also exploited by mobile wallets like ApplePay, SamsungPay, AndroidPay and mobile payment wallets from banks, all of which automatically register cards loaded to the wallet using tokens, thus keeping card details out of the equation.
While fraud prevention and security are the main reasons for tokenization, it also enables digital payments to become ubiquitous by not impacting or complicating transaction experiences. Thus, tokenization is a strong driver of digital payments.
Tokenization technology is fast and relatively straightforward for all involved parties. Given that mobile wallets use tokens, the consumer purchase experience is relatively frictionless with little or no impact on physical retail terminals or online checkouts, as well as the underlying payments processing. There is no need for merchants to invest in new hardware or software, and issuers experience little impact on their existing back-end systems by implementing tokenization. There are few reasons payments innovators shouldn’t embrace tokenization to improve their security, so the time is ripe to make a move.