What is card-on-file EMV payment tokenization?
This entry was posted on Monday, September 17th, 2018.
The way we pay is changing. Consumers are now using their PC, smartphones, wearable devices and even cars to buy goods and services.
The size and value of the card-not-present (CNP) market is increasing exponentially as payment use-cases across e-commerce, m-commerce and the Internet of Things (IoT) emerge and mature.
What is card-on-file?
The process of collecting and storing payment credentials for future use, known as card-on-file, is fundamental to the remote commerce ecosystem.
The use of card-on-file can be divided into various channels such as recurring payments, one-click ordering, in-app payments and IoT payments.
The cost of convenience?
Although payment methods utilizing card-on-file offer convenience, they also create challenges. CNP fraud continues to surge worldwide, and is set to hit $7.2 billion by 2020.
Merchants must therefore contend with a growing threat of card-on-file databases being compromised and the credentials being used fraudulently.
Combatting Card Not Present fraud – a false economy
To combat this rise in CNP fraud, merchants can deploy various technologies and techniques such as 3-D Secure, validation services, historical data, real-time monitoring and analytics, and manual screening.
Advances are undoubtedly being made to make these security techniques more intelligent and improve risk decisioning, but it is apparent that there is work still to be done. Unnecessary false transaction declines are outstripping the amount of actual fraud 13 times over, meaning retailers are losing a total of $8.6 billion per year due to false declines compared to the $6.5 billion of fraud they are actually preventing.
Merchants, who are in a constant battle against cart abandonment, must also ensure that additional security measures do not compromise the user experience.
Introducing card-on-file EMV payment tokenization
Security approaches that decrease the sensitivity of the underlying payment credential can fight fraud, without compromising the user journey.
EMV payment tokenization describes the process of replacing a primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.
Importantly, tokens can move through the transaction flow in the same way as the original PAN, meaning merchants can strike an effective balance between high security and a frictionless buying experience.
Enhancing security with EMV payment tokenization
With card-on-file EMV payment tokenization, the merchant only stores payment tokens in their database rather than the actual card number. This delivers various security benefits to the digital commerce ecosystem by reducing the risk and mitigating the impact of malware, phishing attacks and data breaches. Better fraud prevention will have a tangible impact on both consumers and merchants.
Benefits beyond security
Crucially, card-on-file EMV payment tokenization offers much more than simply enhancing security. It can significantly increase convenience for consumers and create efficiencies for merchants.
Card-on-file tokenization systems enable consumer payment details to be instantly refreshed when a card is lost, stolen or expires. It means there is no need for a consumer to login to an online shopping account to update their details, or to miss out on a subscription due to redundant card credentials.
Merchants too can benefit from increased convenience. For example, it helps to reduce the regulatory burden and costs associated with ensuring PCI DSS compliance for stored card credentials.
Value for all
EMV payment tokenization can significantly enhance the security of card-on-file payment methods, while increasing convenience and simplifying the user experience. This brings huge value to the digital payments space, so we can expect to see growing momentum for the technology in the coming months and years.
Rambus’ Token Gateway for E-Commerce solution is one of the first to be qualified under the “Visa Ready” program. This enables token requestors like online merchants, payment service providers and acquirers globally to quickly and securely connect to the Visa Token Service to tokenize card-on-file e-commerce transactions.