Tokenization: A tool to avoid e-payment frauds

With rapid adoption of digital payments across the globe, pandemic accentuated adoption of digital payments by many first time users. In SE Asia alone, digital payments is projected to grow by fivefold to $114 billion by 2025.

There will be 188 million new users of digital payments in South East Asia by 2025,  largest markets for digital payments are projected to be Indonesia ($83 billion), Vietnam ($ 29 billion) and Thailand ($24 billion). In addition cash will see a major decline across Philippines, Vietnam and Thailand. As per Google, Temasek Bain & Company 75% of the population across 6 major SE Asian countries have access to internet with majority of them having shopped online at least once with more than 60 million first time users of digital services.

With growing adoption of digital payments, security is paramount without compromising the user experience or adding friction to the payments flow. To Support booming subscription economy, recurring payments (standing instructions, bill payments, online subscriptions) should be a breeze where customer trusts the merchant and stores his card data on merchant website/app (known as Card on File) at the time of payment enrolment using explicit customer authentication. While customer gets the convenience of not entering payment data every time merchants gets higher success rate minimizing the drop outs at checkout. In such a scenario data protection, security, data governance by merchants is essential while collecting and storing the customer sensitive card data in their own format with varied degrees of security standards. Even one lose end or the weakest link by any merchant will expose entire customer data in the hands of bad actors, putting entire ecosystem at risk e.g. in case of a breach, customer has to cancel his card, and delete stored card data at all the merchant locations while Issuing banks will have to deal with chargebacks and merchants will face the liability pressure.

Payment card  ‘Tokenization’ could be a silver bullet that precisely tries to address situations envisaged above. In addition to card on file storage it also paves way for many more use cases e.g. device based tokenization (storing card credentials securely on the users trusted device) for contactless tap/wave and pay at transit, mobility or fast check out solutions. As devices get connected, IoT is on the rise, embedded, invisible payments will be the future closely coupled with subscriptions wherein your car can make automated payments at toll, Pay at a drive or your refrigerator can order groceries automated when the stock depletes.

In India recently RBI (Reserve Bank of India) has mandated that merchants, acquirers and payment gateways should store the customer card information only in a tokenized form, laying ground  for Issuers and card networks to provide secure tokenization solutions with customer friendly directive to manage their tokens transparently. This will be a major boost for digital economy while laying strong foundations for data privacy.

So what is a token and why is it so secure while being so flexible – Token is an alias/substitute for a real card or payment data that is irreversible and highly secure as compared to encryption which is a reversible process. When merchants implement tokenization to store the card data, every token that is generated for the same card number is unique per merchant which cannot be used at any other merchant. This ensures that any weak link or in case of a data breach, the token is rendered useless by the bad actors. Customer can simply generate a new token only for that merchant while continuing to use their card at other merchant locations. This also takes away the liability shift from merchants whilst minimizing chargebacks for Issuers.

Taking a cue from India, Issuers can also come up with their tokenization solutions in conjunction with card network to offer their acquirers, payment gateways and merchants a standardized tokenization solution to bring in consistency and security across the ecosystem for not only tokenizing the cards but also tokenize wallets and any sensitive payment handles/identifiers.

Wibmo Areion ‘Token Hub’ built to EMVCo standards is the only unified tokenization solution for Card on File transactions, Recurring subscription payments and device tokenization for Tap n Pay contactless payments for merchants, acquirers and Fintechs. ‘Token Hub’ uniquely supports card Network tokens and Issuer specific tokens using single integration. This unique solution is built in partnership with all major card networks including Visa(VTS), Mastercard(MDES), NPCI (NTS), American Express(ATS) and leading issuers facilitating both network and Issuer tokens.

Wibmo Areion ‘Token Hub’ is an innovative TaaS [Tokenization as a Service] hosted on cloud for quick integration supporting global data privacy concerns fully customizable per region, tenant and merchant. Integrates seamlessly with Payment Gateway, 3DSS, ACS and other host/enterprise eco system for smooth frictionless payment experience. Its Plug n Play architecture enables follow on payment use cases for Loyalty, offers, Standing instructions for recurring payments without losing the payment optimizations like one click payments and ‘On-Us’ processing.

Token Hub is also extensible to tokenize non card instruments in future like UPI, Net Banking, Wallets or other non-card payments creating a one click frictionless check out experience online and offline with fully customizable checkout flows for Issuers.

This article was written by Ravi Battula from Wibmo. For more information or queries, please write to sales@wibmo.com

Developer

No bio available for this author.