In an age where users are becoming more reliant on sharing sensitive data, fraud is on the rise. The Federal Trade Commission’s online database of consumer complaints reports 13 million complaints from 2012-2016, 42 percent of which were fraud related, and 13 percent, identity theft complaints. The rise in fraud comes amid growing security measures, such as the introduction of PIN (Personal Identification and Number) and chip cards.
One possible answer to the rising trend of fraud and identity theft is tokenization. Under traditional methods, when a payment is made, the card number passes through various points in the authorization process, easily exposed to interception. Tokenization stores the original number in a secure token vault, and substitutes it with a unique tokenized number (otherwise known as a “token”), to prevent exposure to those various points.
In card payments, a token is requested or provided to replace a credit or debit card’s Primary Account Number (PAN) and associated data wherever card details might be stored for generating transactions, like at an eCommerce Merchant or in a digital wallet. At the same time, the mapping between the PAN and any tokens is securely maintained within a Token Vault. The token replaces the PAN for providing routing information for transactions, routing these to where the Token Vault is maintained, so the token can be mapped to the underlying PAN (de-tokenized) and token domain-specific checks applied.
What makes tokenization so unique is that, if the token is stolen, it can only be used to attempt fraud within the domain it was stolen from. Even if the breach or theft hasn’t been detected, Token domain controls remain in place and the underlying card and other related tokens aren’t impacted. With the significant reduction in the value of the intercepted information, the incentive to attack becomes increasingly less attractive to the fraudster and potentially even uneconomical.
The use of tokenization in securing mobile payments is evident in platforms such as Apple Pay, Android Pay, and Samsung Pay, where they each have their own tokenization solutions. What is not so apparent, is the possibility of tokenization to be used in other areas, such as securing personal information or even be used in tandem with blockchain technology.
With more services and products becoming digital and mobile, the need for tough, water-tight solutions is growing. Security measures such as tokenization is working to bring peace of mind to users. Tokenization has done so much for mobile payments, but the possibilities need not be restricted to that field alone. The increased need for stopping fraud and ensuring sensitive information does not gets stolen means that there is only one direction the platform can go: forward.