The peaks and pitfalls of payments tokenization
High profile data breaches, mounting fraud losses, regulatory demands and rising consumer concerns have driven retailers and banks to increase their efforts to improve standards of payment security.
It is no surprise, then, that the use of tokenization is starting to gain significant ground, with a recent survey by Forrester Consulting for ACI indicating that 34% of retailers are already using the technology and a further 36% are conducting pilot programs.
Tokenization, which replaces the Primary Account Number with a unique value or numeric sequence, renders transaction data useless to thieves because they are unable to reverse the process to uncover the original data. As well as deterring hackers and helping to protect sensitive information, the use of tokenization outwardly demonstrates a strong proactive measure in the fight against fraud - helping to boost consumer confidence and brand reputation.
Recently, tokenization has become particularly popular with card-not-present channels, especially in the mobile payments space where some of the mainstream players have pinned their security strategies around the approach. The ability for tokenization to simultaneously enhance the security of digital payments and simplify the customer buying experience has made it an appealing and logical option.
Tokenization also delivers some great benefits around regulatory challenges – by reducing their storage of sensitive data, merchants can reduce the scope and costs of PCI DSS compliance.
Despite its undeniable advantages, however, tokenization and how it is implemented can have critical implications for payments risk management and fraud prevention. To ensure that tokenization delivers effectively alongside other operational solutions, merchants need to scope and assess a variety of challenges including:
- Dealing with legacy data or data at rest – to what degree will tokenization be introduced in these areas?
- How will reconciliations, returns, refunds and chargebacks be handled during the implementation period?
- What are the benefits of single vs multi-use tokens, and how do they impact on velocity rules and link analysis?
- Token format – what ‘identifiers’ might need to be retained in the transaction information to support effective order reconciliation and fraud detection?
- Are there limitations in deploying an in-house tokenization solution?
- What is the place of tokenization in the broader payments security and fraud prevention strategy?
Failing to thoroughly understand these and other areas can have a far-reaching and costly impact on the effectiveness of fraud management strategies and on brand loyalty, bringing the risk of missed fraud and disruption to the customer experience.
Related Blog Posts
Defense in Depth: Fighting Fraud in India with a Multi-Layered Approach
There’s a quip, albeit ironic, making the rounds as forwarded emails and messages – “Who’s driving digital transformation among enterprises: CEO or CIO? The correct answer is COVID-19.” Going beyond impacting global well-being, COVID-19 is pushing the corporate world to rapidly introduce new measures for business continuity. Diametrically opposite to continuity, the black swan event of the novel coronavirus is creating disruption in terms of exploitation and fraud perpetration – especially in the banking and financial sector.
Introducing Incremental Learning: An Industry-First Boost for Fraud Prevention
In our previous blog on machine learning, we sought to clarify its role in fraud prevention for merchants. To summarize, it can be an extremely effective way to identify patterns of fraud in a manner and at a speed that humans cannot. It is a critical tool in the fight against fraud, especially when used as part of a multi-layered fraud solution.
Machine Learning: Separating Fact from Fraud Fiction for Merchants
Machine learning is a broad discipline about which many claims, sometimes extravagant, are made. In recent years, it has often been hailed as the most effective answer to stopping payments fraud.
At ACI, we’ve been working with machine learning models to prevent fraud for over two decades – and we know they can play a critical role in improving fraud detection accuracy. Here we bring together a few insights on how models can be used most effectively.
For Financial Institutions, Community Is Critical to Fighting Fraud with Machine Learning
In November 2019, our experts predicted that democratized machine learning and shared intelligence would be among the most important fraud prevention trends for financial institutions (FIs) in 2020.
Fraud Prevention Is the Frontline of Customer Experience
Digital transformation has done more than disrupt business models. In almost every consumer-focused market – and most business-to-business ones, too – it has fundamentally re-oriented the competitive landscape around customer experience as a core differentiator.
SCA: How PSPs Can Help Merchants Stay One Step Ahead
The main objective of PSD2’s Strong Customer Authentication (SCA) is to protect customers and reduce fraud by introducing new measures that ensure that customer-initiated transactions are being made by the genuine cardholder.
The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
Predicciones de fraude para el 2020: Qué esperar con la rápida evolución del panorama de pagos en América Latina
La industria de pagos en América Latina está experimentando diversos cambios en varios segmentos a medida que la población de la región está cada vez más bancarizada y comienza a usar pagos electrónicos. Aunque el efectivo sigue siendo la forma de pago dominante, los gobiernos han impulsado los pagos electrónicos a través de la regulación. Esto ha asegurado que la aceptación y el crecimiento del pago con tarjeta hayan aumentado constantemente, han aparecido bancos digitales en diferentes países y el comercio electrónico ha aumentado significativamente.
Previsões para fraudes em 2020: O que esperar com o cenário de pagamentos em rápida evolução na América Latina
As violações de dados que envolvem dados de pagamento dobraram no ano passado por várias razões - falta de inovação em segurança, prioridades corporativas equivocadas e fraquezas nos portais de desenvolvedores, para citar alguns.