Technical body EMVCo launched version two of its EMV® Payment Tokenisation Specification — Technical Framework in September. The market has developed rapidly since v1.0 premiered in 2014 to cover the demands of digital payments such as eCommerce, and decrease the fraud threat associated with an exposure of main account numbers (PAN) — so v2.0 has been eagerly anticipated by the ecosystem.
Here’s a couple of things that stood out for me one of the vital updates and revisions.
Like all technologies, the innovation curve is too steep for standardization to keep pace. This update therefore attracts the frame in line with lots of the improvements that have happened over the last couple of years. Additionally, it addresses a selection of opinions from live implementations of this technology to smooth the path for widespread deployment.
By way of instance, EMVCo published an interim notice in 2016 on its EMV Payment Account Reference (PAR) which enables merchants, acquirers and payment processors to connect together a cardholder’s EMV payment token and PAN transactions. Version 2.0 of this tokenization specification explains this in a standards level and sets the principles for BIN controllers (for example, an ISO IIN Card Issuer) to execute PAR to their BINs.
One particularly positive development is the addition of a common set of definitions and terminology in the frame. This might seem simple, but it provides the ecosystem a means to communicate efficiently and avoid confusion and delays. Players are now able to easily understand both the similarities and differences in encouraging and implementing tokenization with all the international and national payment schemes.
Elsewhere, EMVCo has explained the roles, responsibilities and minimum requirements for things establishing a token program. This will ensure the successful creation, issuance and complete lifecycle management of payment tokens as markets grow. The document also outlines a selection of existing and new token requestor types to clearly specify who can ask their associated characteristics that are notable.
This greater clarity not only enables better collaboration and equilibrium, it sets the stage for much faster development and brings confidence in tokenization for a fraud prevention technologies.
New tokenization use cases
Since the initiation of the original frame, the use cases for payment tokenization have expanded significantly to allow for many kinds of cardholder- and merchant-initiated transactions. The new frame therefore addresses new use cases for eCommerce, including:
— eCommerce with a mobile/digital wallet — consumers may carry out a tokenized transaction on an eCommerce site or in-app with their mobile/digital wallet.
— Shared payment token — a Token Requestor can share the identical payment token between multiple Token Users (e.g. merchants).
These developments can bring the fraud avoidance of lively tokens to situations like recurring one-click-ordering and in-app payments.
Is this progress?
In a word, absolutely! Even though there’s nothing revolutionary here, this upgrade is equally catching up with innovation and enabling it to keep on happening in a sustainable, secure and secure manner. We, as a growing ecosystem, have a more comprehensive reference manual to work from, making life easier for things to clearly define their needs when issuing an RFP, by way of instance, and for technology suppliers to better understand what the marketplace needs.
Work is ongoing. We’re moving towards an end-game where all payments (and even all information!) Are tokenized, so we will need to get to a location where static tokens (such as PANs) are no longer used and lively tokens are universal.
In our role as an EMVCo Technical Associate we anticipate continuing to support the upcoming expansion and clarification of the frame to enable further common understanding of the functions, theories and use cases between all parties in the ecosystem.