This blog was originally posted on December 16, 2014 and has been updated on August 9, 2016
The mobile payments revolution has arrived! Driven by the continued growth of near field communication (NFC) enabled smartphones, the launch of numerous mobile payments platforms and a sharp upsurge in consumer demand, the contactless payments market is set to be worth $17.46 billion by 2021. The value of mobile payments is projected to hit $1 trillion by 2019, increasing from 450 billion in 2015.
The growth of mobile payments has been accompanied by a lexicon of new and technical buzzwords, many of which refer to security measures that can be applied to the mobile payments infrastructure. The tokenization process has given us a number of terms, among which ‘token service provider’ (TSP) features front and center.
What is Tokenization?
Tokenization reduces the value of stored payment credentials by removing consumers’ primary account numbers (PANs) from the transaction process. It does this by replacing them with a unique identifier called a payment token. This reduces the appeal of stealing the credentials as they would be largely useless to hackers.
What is the Role of a Token Service Provider?
The TSP is an entity within the payments ecosystem that is able to provide registered token requestors – for example the merchants holding the card credentials – with ‘surrogate’ PAN values, otherwise known as payment tokens. These payment tokens can only be used in a specific domain such as a merchant’s online website or a pre-defined channel like via a mobile device to make an NFC payment.
The Tokenization Process
The TSP can be a wholly independent party from the payment network or payment processor. Alternatively, it can be integrated with a payment network or payment processor. TSPs are responsible for a number of functions. They manage ongoing operation and maintenance of the token vault, deployment of security measures and controls, and the registration process of allowed token requestors.
In the current landscape of mobile payments, TSPs should have the ability to issue and manage the entire lifecycle of payment credentials, implement tokenization to reduce payment card fraud and oversee transactions to integrate with the existing authorization host by converting or validating cryptograms as well as performing processing checks, for example. The issuance and remote management of the payment credentials provided by TSPs must conform with specifications defined by the global payment schemes; this can either take place in the cloud using HCE or on a smartphone inside a secure element.
Should you become a Token Service Provider?
To optimize tokenization activity, many banks and service providers are choosing to take control by becoming their own TSP. This enables them to reduce long term costs, maintain independence and increase flexibility to establish an edge over their competitors. To find out more about the benefits of becoming your own TSP, download our white paper Quick Guide: Token Service Provider.