The peaks and pitfalls of payments tokenization
High profile data breaches, mounting fraud losses, regulatory demands and rising consumer concerns have driven retailers and banks to increase their efforts to improve standards of payment security.
It is no surprise, then, that the use of tokenization is starting to gain significant ground, with a recent survey by Forrester Consulting for ACI indicating that 34% of retailers are already using the technology and a further 36% are conducting pilot programs.
Tokenization, which replaces the Primary Account Number with a unique value or numeric sequence, renders transaction data useless to thieves because they are unable to reverse the process to uncover the original data. As well as deterring hackers and helping to protect sensitive information, the use of tokenization outwardly demonstrates a strong proactive measure in the fight against fraud - helping to boost consumer confidence and brand reputation.
Recently, tokenization has become particularly popular with card-not-present channels, especially in the mobile payments space where some of the mainstream players have pinned their security strategies around the approach. The ability for tokenization to simultaneously enhance the security of digital payments and simplify the customer buying experience has made it an appealing and logical option.
Tokenization also delivers some great benefits around regulatory challenges – by reducing their storage of sensitive data, merchants can reduce the scope and costs of PCI DSS compliance.
Despite its undeniable advantages, however, tokenization and how it is implemented can have critical implications for payments risk management and fraud prevention. To ensure that tokenization delivers effectively alongside other operational solutions, merchants need to scope and assess a variety of challenges including:
- Dealing with legacy data or data at rest – to what degree will tokenization be introduced in these areas?
- How will reconciliations, returns, refunds and chargebacks be handled during the implementation period?
- What are the benefits of single vs multi-use tokens, and how do they impact on velocity rules and link analysis?
- Token format – what ‘identifiers’ might need to be retained in the transaction information to support effective order reconciliation and fraud detection?
- Are there limitations in deploying an in-house tokenization solution?
- What is the place of tokenization in the broader payments security and fraud prevention strategy?
Failing to thoroughly understand these and other areas can have a far-reaching and costly impact on the effectiveness of fraud management strategies and on brand loyalty, bringing the risk of missed fraud and disruption to the customer experience.
Related Blog Posts
Taking a Holistic View of ISO 20022 Migration and Payments Modernization in the Pacific
Today’s payments modernization efforts, most notably real-time payments, not only work to satisfy changing consumer preferences and behaviors, they also serve to future-proof national economies throughout the world. But for real-time payments to deliver maximum value, consumers and financial institutions must be able to exchange meaningful and actionable information — hence the development of ISO 20022, a standard for electronic data interchange that facilitates the fast, standardized and secure exchange of financial messages across borders.
How ISO 20022 Represents Both a Challenge and an Opportunity for Southeast Asia’s Payments Landscape
Governments across Southeast Asia (SEA) are increasingly recognizing the vital role that payments play in the engines of their economies, which has resulted in a number of payments modernization initiatives such as those in Vietnam and Malaysia (PayNet). Yet there is one particular area in which SEA’s financial institutions might still be lagging behind their global counterparts: the adoption of ISO 20022, which has become the global standard for high-value payments and immediate payments (IP) when it comes to cross-border payments.
Ready or Not, The Time Is Now for Real-Time Payments
Research from ACI and GlobalData confirms that demand for real-time payments is only going in one direction: up. The root cause of this increasing demand is rising customer expectations and behaviors; clunky and opaque payment experiences are becoming less tolerable in a world where customers can buy, watch and listen to almost anything with a swipe, tap or click.
When It Comes to Payments, COVID-19 Crisis Could Lead to Long-Term Shifts in Consumer Behavior [Q&A]
ACI Worldwide and GlobalData recently launched Prime Time for Real-Time, a new global report tracking and analyzing real-time payments volumes, growth and dynamics across 30 global markets. According to the global research, an industry first, more than half a trillion real-time payments transactions will be processed over the next five years. I discussed what the findings mean, and how the COVID-19 pandemic might be a further catalyst for behavioral change, with ACI’s global head of real-time payments, Craig Ramsey.
TCH RTP and FedNow: What’s Next for U.S. Immediate Payments?
It has taken some time, but immediate payments (IP) are on the move in the United States. Although the speed of adoption has been slightly behind the curve of regions like India, the Nordics and the U.K., the U.S. has seen significant year-on-year IP growth of 69 percent.
Social, Mobile and Instant Payments: How Digital Payment Overlay Services Will Power Up P27
For some years now, the Nordics region has been a global-standard bearer for payments and financial services innovation. Sweden has for many years been a leader in the progressive move towards cashlessness, championing the range of efficiencies that it brings. Major payments innovators like Klarna, FundedByMe and iZettle are based in the region, rubber-stamping Stockholm as a genuine fintech hub. Analysts and insight leaders also regularly single the Nordics out as a genuine leader, in particular praising the collaboration between governments, regulators, financial institutions and businesses that has led to such fertile ground for financial modernization initiatives.
Women in Payments: Celebrating International Women’s Day 2020
International Women’s Day, celebrated on March 8, honors the social, economic, cultural and political achievements of women – including equality for all women.
To commemorate the occasion, we spoke with a few female leaders in the payments industry about what the day means both for them and for the wider payments industry. The comments and insights we received were nothing short of inspiring and encouraging.
Women in Payments: Student Perspectives on the Payments Industry (Part 1)
Last month, ACI’s Omaha office hosted six students from the University of Nebraska Omaha’s Information Technology department for a one-day event, showcasing ACI’s solution offerings and the company’s role in the global payments industry. The six students, all of whom were members of UNO’s Association for Computing Machinery-Women (ACM-W) chapter, had previously participated in one of ACI Omaha’s Coding for Girls Camps.
How to Meet ISO 20022 Migration Deadlines for Fedwire and SWIFT
Over the next decade, we will undoubtedly see huge shifts in how financial institutions throughout North America transact, whether domestically or across international borders. This will be driven not just by changing technologies, but also by regulatory events – such as the widespread adoption of financial messaging standards like ISO 20022.
How Can European Banks Meet the ISO 20022 Migration Deadlines for TARGET2 and SWIFT?
First published in 2004 – and already broadly used in some quarters – ISO 20022 is rapidly set to become the de facto standard for financial messaging around the world, replacing MT messages.