Latest SPA Paper: Tokenization and Protection of Card Data for Online Payments
Munich, 15th May 2014 - Tokenization in payments has been around for years.
However, in recent months tokenization has once again become a buzzword within the financial industry which is looking to add tokens to the list of alternative payment methods using card data (cloud-based accounts, mobile wallets, Google HCE).
The SPA considers that what’s different this time round is the standardization efforts taking place for online payments using tokens (for example, EMVCo, US Clearing House and new ANSI X.9 standard, PCI-DSS) and the fact that these efforts are being aligned with upcoming legal frameworks for e-commerce, m-commerce and data protection in several regions of the world.
However, it is not always clear how these new payment methods are positioned with respect to existing card payments; in other words, whether these are complementary or a replacement. Are these new payment methods and technical drivers bound to make profound changes in the way we do payments? The SPA’s opinion is that payment innovation breakthrough is only possible when both trust and convenience are achieved. Yet trust and convenience must be compatible with a business case for the issuers of new payment methods. Finally, the terminology used for tokens is not always consistent, which in turn contributes to the generation of additional confusion.
For instance, what do we really mean by “tokens”?
In this paper, the SPA discusses the business and technical drivers for tokenization, provides initial feedback on the EMVCo Draft Framework for tokenization, and suggests ways to develop secure and interoperable online payments with a great user experience.