Tokenization of payments is helping to streamline settlements, without neglecting security protocols. Here we explore what they offer and how they are developing
Tokens are emerging as the leading technology for making money movements in a much safer, more flexible and faster way. As a result, they are becoming indispensable for any entity that processes electronic payments, from banks, paytechs and card issuers, to wearable manufacturers and large technology companies.
A token is a symbolic representation of sensitive data, such as a customer's credit card or account digits. The original information is not exposed, so there is no way to know what it is, and the encryption that protects it is also virtually impossible to interpret.
In theory, any information can be tokenized, including bank transactions, medical records or loan applications. And in practice, everything from merchants to giant acquiring networks are using tokens to reduce the risks of fraud in digital payments, a vertical whose adoption is growing steadily.
To do this, credit and debit card data is converted to this unique digital identifier, which can be deployed on different devices. Thus, the number of the same card can have as many tokens as associated devices (cell phones, tablets, smartwatches) or digital wallets (from a bank, fintech or a technology company such as Apple Pay or Samsung Pay).
Then, if one of the related devices or media has been breached (by theft or fraud) it can be deactivated, without compromising the rest.
In short, tokenization is a fundamental tool that streamlines payments and helps to evolve a traditional medium, such as the card, into a highly secure omnichannel payment instrument.
The use of digital and contactless payments has steadily increased in recent years; a trend that will continue to grow. According to Statista, in 2020 it was estimated that there were approximately 2.8 billion digital wallets in use worldwide. By 2025, wallets are expected to reach 4.9 billion. An important element behind this boom is tokens.
During the tokenization process, the user's card credentials are replaced by randomly generated alphanumeric characters. The actual data is secured and stored inside a virtual vault, outside the device, which minimizes vulnerability risks.
Payment card industry standards (PCI DSS) do not allow card information to be stored in the point-of-sale terminal, virtual gateways or merchant databases (physical or virtual) where it is used. Instead, payment processors issue tokens, while keeping the actual data hidden.
For their part, tokenization standards are also overseen by the EMVCo guidelines, a global association created by Mastercard, Visa and American Express in 2013, in order to ensure the acceptance of this processing system globally.
For each transaction, the token must be paired with a cryptogram (an encrypted key) as a requirement for use. This adds another layer of security for any type of transaction.
Single-use tokens are those that cease to function when the specific transaction that required their creation has been performed. Digital wallets, when making QR payments, use this type of tokenization to provide security and validate each transaction. Similarly, when a buyer purchases an item in a marketplace and enters his card data, these numbers are tokenized and disappear after the purchase is completed.
Permanent use tokens, on the other hand, allow continuous linkage between the card and the applications or devices that the user authorizes.
Each wallet installed in the mobile, although it may be integrated with the same card, has a different token that protects the data and is stored in the cloud. The same applies to devices, as permanent tokens exclusively link a card to a cell phone or any specific wearable.
Permanent tokens are ideal for recurring payments or platform subscriptions, as they generate a code that does not expire and requires the user to enter credentials only once, which improves the user experience (UX) and simplifies payment renewals.
Another lock-in offered by permanent tokens is that they are impossible to use outside the ecosystem for which they were created.
All this combination of factors translates into trust for customers and lower losses for institutions, which also reinforce their image of solidity.
Tokens as assets in payments clearing also have significant potential to change the current financial dashboard.Traditionally, transactions between institutions are settled by updating balances in account records housed in a centralized system, such as a central bank clearing house. New technologies based on Distributed Ledger Technology (DLT), however, make it possible to create digital tokens to be used as assets to settle payments.
In the field of person-to-person (P2P) payments, this will allow money transfers without involving intermediaries. The same for larger sums between companies or entities (B2B), which will improve the efficiency and speed of movements through the use of harmonized data standards.
Currently, there are already private instances with initiatives underway to explore the potential of digital tokens as institutional payment assets, according to the Bank for International Settlements (BIS).
Certainly, there are some challenges to overcome, as reported by the BIS, such as the fact that a token can be designed in various ways, according to the use case, affecting the issuance mechanism and the availability of the asset.
However, exploration of potential solutions is ongoing and new opportunities for adoption are ample, as the virtues of this technology are undeniable.
Tokens are leveraging digital payments, with security keys that invite businesses and users to complete secure purchases, both physical and online
Join our online community and stay up to date with the latest news from the world of technology.