Token service providers: new stakeholders in payments industry

|September 22, 2015 0

Prasanta Chakraborty

The payments industry has seen many new trends over the last couple of years.

The payments industry had a huge year in 2014 and it’s showing no sign of slow down, once a quiet sector of the industry, the segment has been on a roller-coaster ride lately.

Most payments organizations that now considering serving as a Token Service Provider (TSP), that allow multiple uses of the token values and are flexible to support new payments methods. In this scenario, tokens can potentially be used for repeat purchases, recurring payments, charge backs and refunds. In addition, multiple-use token values can be utilized for post-process.

A token is usually the same length and format as the original PAN, so it appears no different than a standard payment card number to back-end transaction processing systems, applications and storage.

The token acts as a substitute value for the actual PAN while the data is at rest inside a retailer’s systems. A secure cross-reference table residing in a PCI-controlled environment allows authorized look-up of the original PAN by using the token as the index. The token can be reversed to its true associated PAN value at any time with the right decryption keys. Tokens can be either single use tokens or multi-use tokens.

With online payments, card tokenization is one way to address this gap and a number of organizations in the industry have come out in support of tokenization as a risk management strategy. Tokenization is the process of replacing sensitive data with surrogate values that remove risk but preserve value to the business.

Many conversations around options for security have suggested use of tokenization—a process which substitutes sensitive cardholder information with tokens. Since the tokens contain no cardholder or card data, they present no value to criminals and improve consumers’ level of trust. In addition, issuers avoid the expense associated with notification, loss reimbursement, and legal action.

Furthermore, by removing the need to store actual card details, this approach significantly reduces the costs and hours associated with the compliance requirements.

There are several other areas for consideration that also come into play, either directly or indirectly depending on the role of the intermediary, when payment organizations are considering their approach to tokenization like token values, single pay vs multiple pay tokens and legacy data in storage.

Payment trends are constantly evolving in line with developments in technology. Businesses need to ensure they can offer the widest range of options and keep up with the market trends to make sure they are meeting consumers’ needs, which will in turn have a positive impact on their business.

The article is authored by Prasanta Chakraborty, VP, Corporate, RS Software

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.