Getting customers to part with their hard-earned cash has been a core part of being a merchant since, well, forever. Since payments started to become less physical, however, the question of security has loomed larger in the minds of both parties to a transaction. No one wants a simple purchase to turn into an opportunity for later theft or fraud – but that’s exactly the risk presented by the transfer of personal financial information (a credit card number, for example) from a buyer to a seller. Confidential information can be intercepted when the transaction is made, or stolen later by employees or hackers.
Mobile payments, by transmitting information through the air from device to point-of-sale system or through the Internet to remote servers, add another window of potential access.
We’ve talked before (in our Faster Payments white paper, for example) about the principle of “data abstraction”, by which unique, public identifiers are used in the place of unique but confidential identifiers. With Interac e-Transfer, for example, a person can send money to a friend using only their email address (a public identifier) rather than their personal account information (a confidential identifier).
How Tokenization Works with Mobile Payments
We use this same principle to secure mobile payments, though in this case the approach is called “tokenization”. Essentially, we replace a highly confidential piece of data – like a person’s debit card number – with a random piece of data, and use that for the transaction.
Here’s how it works. When a consumer adds a payment card to the digital wallet on their device, like a mobile phone, the wallet communicates with a remote service (like Interac Token Service Provider) and receives a randomized number that it associates with the consumer’s payment card. This randomized number is called a “token”, and is formatted like the payment card number it is replacing.
When a consumer uses that card (in the digital wallet) to purchase something from a merchant, the wallet sends the token to the merchant’s system, rather than sending the actual card number. And when the merchant’s payment system processes the token, behind the scenes the token is instantly validated by the financial institution and the token service provider, the transaction is authorized, and the merchant will subsequently receive the funds from the transaction in their account.
Through tokenization, the consumer’s confidential card information is not on their mobile device: it is not transmitted through the air, nor is it seen by an employee, nor stored in the merchant’s systems. The token, even if intercepted or hacked, is useless beyond the now-completed transaction.
Many retailers now offer in-app or in-browser payments for customers shopping at home or on the move, and these use tokenization too as a security measure. But because a physical chip-enabled card isn’t present, we add a further layer of security to remote transactions using cryptograms. We’ll explain more in our next post on mobile payments security.