Payments Leader

Tokenization for Frictionless and Secure Card Payments

November 2, 2017

Kris Carrera, Business Line Executive, Credit

The dangers of cyber fraud are well known, as are many of the largest hacks. However, how financial institutions and retailers fight that fraud is now changing. While the EMV migration continues for card-present sales, the use of tokenization, with its unique technology and processes, is positioned as ideal for retailers looking for an added layer of protection online. In its most basic form, tokenization aims to lower the value of sensitive data stored on mobile devices, retailers’ servers and transmitted over networks during payment transactions.

Financial institutions must get on the tokenization bandwagon or they risk losing out on being the facilitator of secure and frictionless payments. By extension, they also risk losing a large portion of their customer portfolio.

Secure Engagement

The easiest way for cybercriminals to profit from data breaches is through the theft of identity information and payment card data. Fear of such thefts has been one of the key reasons cited for the slower than expected growth in mobile and online payment adoption over the past few years. This is somewhat paradoxical as the underlying security infrastructure online is often better than the security and privacy offered by more conventional transactions, including EMV-based card transactions. The problem has been that many consumers have been unaware of such benefits. As that awareness grows, however, customer engagement is expected to grow.

Many financial institutions have been slow to realize the importance of offering tokenization services to their customers and retailers – even those that have tokenized are still slow to take the first step. Tokenization should not be compared with regulatory changes like EMV migration. It is not a security hoop to jump through; tokenization makes payments fast and frictionless while keeping the consumer and retailer secure. Without a more inclusive tokenization strategy, banks risk losing out as their customers move to the more secure online and mobile payment methods offered by new entrants.

Tokenize and Evangelize

The tokenization of payments is the effort to replace sensitive data, such as credit card numbers and PINs, with a unique identifier that can only be authenticated, decrypted and translated by the token provider. Tokenization is now the primary mechanism to protect cardholder data in a contactless transaction, whether in-store or online, and it provides a highly frictionless purchase experience that is also remarkably easy to set-up.

An existing customer card can be easily tokenized and only needs to be loaded into a wallet once. This tokenized card can then be used to transact at many different outlets. There is no need to re-enter card details at each new merchant, so no sensitive information is stored on retailers’ servers nor embedded within their apps. It is vital to ensure the onboarding process is easy and this extends to automatically tokenizing newly acquired customers at sign up – banks need to immediately give out a tokenized card for loading into new customers’ wallets. The tokenized card is ready for immediate use, days before the physical card arrives from the printers.

However, offering tokenized cards for a digital wallet is not enough – banks need their cards to remain top-of-wallet. Banks need to fully embrace the technology while educating and evangelizing the benefits to their customer base in order to do this. As awareness grows, banks should look to leverage the efforts of others that are promoting the technology to help their customers migrate to their own tokenized solutions rather than to PayPal, Apple Pay, Google Pay, Masterpass or Visa Checkout. Banks also should study how customers are using their cards today to find ways to demonstrate the advantages of using tokenized payments in the future.

Frictionless, Fast and Secure

The road to including tokenization technology is fast and straightforward for all involved parties. Tokenization has no impact on physical retail terminals and there is no change to the processing side of any payment. There’s no need for merchants to invest in new hardware or software and, for issuers, implementing tokenization has little impact on their existing back-end technology.

The main reasons cited for using mobile payments are its convenience, security, speed, and utility as a backup wallet. As consumers feel more confident about the security of their payment information, they should naturally use tokenized cards more often. In fact, tap-and-go and other smaller-value, in-store purchases increasingly are made via tokenized payment mechanisms.

No Token Effort

Overall, consumers are starting to better understand the security benefits of mobile payments and there are very few reasons why payment innovators wouldn’t embrace tokenization to improve their security. It even works with the ongoing migration to EMV cards, so the time is ripe to make a move. Securing payments with tokenization, whether card-based, contactless or mobile, increases protection of face-to-face transactions and promises to revolutionize remote and online transactions.

The EMV battle is largely won – 2018 will be increasingly about tokenization. Financial institutions must get on board or risk a drastic reduction in customer portfolio and payment levels. Participation is not enough, this is not a regulatory box to check off, banks need to step up and educate their customer base to ensure long-term growth.


Kris Carrera

Business Line Executive, Credit

With over 25 years of international payments experience, Kris was responsible for the launch of the first successful cobranded card program. A leader in risk-based pricing and target marketing using predictive data analytics, she specializes in merchant services, credit cards and home equity. Kris has received Best Travel Card, Best Cobranded Card and Best Private-Label Program awards.