In our last post on mobile payments security, we discussed how tokenization allows both customer and merchant to complete mobile transactions without having to worry about the potential theft of personal financial information. This is only one part of the total security equation, however, because a merchant still needs to be sure that the tokenized card information being used in the transaction is authentic, and traceable back to the card issuer. For this, cryptograms are used.
A cryptogram is simply a cryptographic “hash” created from certain data elements in a given transaction: for example, the transaction date and time, its authorized amount, the card issuer’s master key, and so on. The cryptogram itself is an alphanumeric string that is impossible to decode (well, at least not without billions of years of computing time available) and that serves as proof that the card being used is authentic. And because the cryptogram is generated from a unique set of elements for each transaction, it is a “one-time-use” data package that has no value to thieves who may wish to use it in a later transaction.
In the world of payments, cryptograms have been in use for many years as a means of securing transactions made physically via the EMV chip-and-pin standard (click here for a helpful overview). While users prove who they are by entering a PIN into a point-of-sale keypad, cards themselves prove that they are not counterfeit by generating cryptograms that can be verified by the issuer before a transaction completes.
For mobile payments, there is an equivalent need to authenticate every transaction to ensure, for example, that tokenized card information – which in itself may be valid – is being transmitted by a digital wallet that has not been counterfeited. So before an Interac Debit transaction is completed on a mobile device:
(1) The merchant enters payment details, including unique information associated with the transaction, and this is sent to Interac’s Mobile Debit Application (MDA) running on the mobile device.
(2) The MDA takes the terminal and merchant information, and combines it with the debit card’s master key as input into the generation of a one-time-use cryptogram.
(3) In this way, the digital wallet cryptographically “signs” the transaction, proving it comes from a legitimate wallet and that it has not been altered. The merchant’s system passes the cryptogram to the Token Service Provider for validation with the Issuer, and the transaction is authorized for processing.
Interac’s MDA, in short, takes the strong, well-trusted security provided by the EMV chip-and-pin architecture and rebuilds it within a mobile payments environment. Invisible to the user and easy to implement for the merchant, MDA cryptograms work with tokenization to create a bulletproof security halo around mobile in-app and in-browser payments.