It has been a year of change in the mobile payments industry. Who would have thought two years ago that we would have come so far in such a short time? First, host card emulation (HCE) was added to the Android operating system, then we had support from the payments systems for HCE and tokenization, and EMVCo defined the role of the Token Service Provider (TSP) earlier this year.
Token Service Provider is a role that much of the ecosystem sees as essential moving forward. In adopting this position, issuers, acquirers and merchants that wish to offer mobile payments to customers can manage all elements of the tokenization process: creation, storage, issuance and management of host card emulation (HCE), card-on-file and card-not-present tokens.
It is for this reason, as one of the pioneers of HCE since the beginning when it was called Software Card Emulation on Blackberry devices, that we have brought together our experience across HCE, cloud, NFC and TSM to enable banks and merchants to become a Token Service Provider. The technology is tried and tested. In fact, it’s already in use amongst our customers worldwide to manage the lifecycle of payment tokens.
Why Token Service Providers?
Tokenization, Token Service Providers, token vaults – these phrases may be everywhere, but they are not just buzz words. This is the technology that enables consumer card data to be kept safe.
The process of tokenization reduces the value of stored payment credentials as they can only be used within a very specific domain. The recent announcements by global technology and payment companies signal a milestone in the development of mobile payments. New players are entering the market, new roles are being created and new opportunities are available.
In this new era of secure mobile payments, Token Service Providers should have the ability to:
- Issue and manage the entire lifecycle of payment credentials, including issuance and remote management according to specifications defined by the global payment schemes. This can take place in the cloud using HCE or on a smartphone inside a secure element.
- Implement tokenization to reduce payment card fraud by replacing a primary account number (PAN) with a unique identifier, known as a ‘payment token’. The payment token can only be used in a specific domain such as a merchant’s online website, or channel for example a mobile device to make a near-field-communication (NFC) payment.
- Manage transactions to integrate with the existing authorization host, by converting or validating cryptograms as well as performing processing checks, for example.
Around the world there are already hotspots of activity where the traditional TSM NFC model has proven too slow, complex and expensive. Many therefore see HCE and tokenization as an attractive proposition as an entry into mobile payments. Token Service Providers will be central to supporting progress. HCE and tokenization has opened the door to a new world of mobile payment opportunities for banks and merchants, now is the time to walk through it.
To learn more about this topic, how we can mitigate the risks and add further security to HCE and tokenization, listen to my podcast on PYMNTS.com.