Security division icon

Security

Payment Account Tokenization

Designed for central banks and clearing houses to secure account-based transactions, Payment Account Tokenization is a comprehensive software solution that replaces sensitive account numbers with unique tokens and reduces the risk of fraud for transactions including direct credit, direct debit and person-to-person (P2P) payments.

Securing Real-time Payments with Tokenization

Real-time payments (RTP) – where account-to-account transactions can be made in a matter of seconds – are gaining traction worldwide but are also seeing increasing levels of fraud. Payment Account Tokenization leverages a proven process used to secure account-based payments to replace the valuable account credentials with a non-sensitive, restricted use token. This process can significantly reduce the risk and impact of account-based fraud to support the development of a safe and secure instant payments framework.

Direct debit (ACH) account payments contribute to a large majority of the total non-cash payments value worldwide. The credentials associated with these accounts are stored in many different locations (including invoices, payrolls, ecommerce sites, mobile wallets and apps), making them potentially vulnerable for hacking. As more countries move to faster (or instant) account-to-account payments, the timeframe for detecting fraud is drastically decreasing, virtually illuminating the ability for financial institution to implement manual checks on the validity of payments.

When implemented by a centralized body, like a central bank or consortium, Payment Account Tokenization enables central operators to provide a tokenization and detokenization service available to all member institutions. In doing so, it reduces fraud while supporting a seamless integration for multiple use cases including push transactions between businesses, consumers and government.

Example: Using a token for a transaction

Payment Account Tokenization diagram

Payment Account Tokenization enables central operators to provide a tokenization and detokenization service available to all member institutions

Real-time Payments and How to Secure Them

Real-time Payments and How to Secure Them

In today’s digital, on-demand world, we have instant access to information, products and services. Digitization and digitalization has driven this change, and we are now accustomed to almost instant payments via cards, web services and apps. The development of instantaneous payments between bank accounts is therefore a natural evolution. Real-time payments are growing in use as they are adopted by more and more countries and the potential use-cases grow. Mitigating risk in a world where everyday transactions are increasingly dominated by digital technology and instant processing is vital.

Download eBook 

How Payment Account Tokenization Works

Payment Account Tokenization is a comprehensive and modular software solution to protect real-time payments, reduce fraud through tokenization and manage account data faster and safer. The solution consists of a number of primary features, including:

  • Account-based tokenization eliminates the need to store and transmit sensitive account information, alleviating the risk of stolen credentials being used to commit transactional fraud. The system integrates with existing infrastructure and tokens route normally through the payment network.
  • Lifecycle management enables banks to link, suspend, (re)activate or unlink tokenized bank account numbers.
  • Domain controls limit token usage to a specific channel, merchant or spending limit by applying a set of parameters. Any use of the intercepted token outside of its set parameters would immediately flag as fraudulent and render the token useless.
  • Cryptogram protection generates application cryptograms prior to a payment and validates them during a transaction. A cryptogram is a fingerprint of the transaction, holding elements of the originator, recipient, financial institution and the transaction.
  • A token vault is a secured repository, or database, that establishes and maintains the payment token to Sending/Receiving Account number mapping. The token vault is the only area in which the token can be mapped back to the consumer’s original card details. The Payment Account Tokenization token vault complies with Payment Card Industry (PCI) specifications.
Download Securing Real-time Payments with Payment Account Tokenization

Securing Real-time Payments with Payment Account Tokenization

Real-time payments (RTP) have been proliferating globally since 1973, increasingly driven by the need for payments clearing to keep pace with today’s on-demand digital world. But the shift from traditional automated clearing systems to ‘faster payments’ brings challenges. Payment Account Tokenization addresses the issue of fraud head on. The ability to tailor the security level of tokenization itself – by adding domain controls or cryptograms – will also be key as tokens used outside of their pre-defined parameters are easily identifiable and the transaction can be automatically declined.

Download eBook 

From the blog

Related Markets & Applications

Financial
Mobile Edge