Monday 26 September 2016 | RSS

 
    Feedback
     
     

    Federal Reserve gives cautious backing to tokenization

    The US Federal Reserve’s Mobile Payments Industry Workgroup (MPIW) has given cautious backing to the potential of tokenization in mobile payments and formed a subgroup dedicated to exploring the impact of the technology in more depth.

    US Federal Reserve seal

    “Developments in tokenization should instil confidence in a payments environment challenged by frequent data breaches and other payments fraud activity,” the group says, “but some hurdles to broad industry adoption of tokenization remain, particularly around standards and coordination of the different solutions.”

    “The security of mobile payments has always been a top concern and one of the main barriers to widespread adoption of certain mobile and digital payment technologies,” says Marianne Crowe, vice president of payment strategies at the Federal Reserve Bank of Boston and chair of the MPIW.

    “With the recent introductions of new platforms that use tokenization technologies including Apple Pay, we are even more convinced of the need to evaluate the optimal approach to tokenization and determine how the payments industry can better coordinate efforts to protect consumers and businesses alike.”

    A report on the group’s June 2014 meeting explains that a variety of tokenization models are currently under development. As well as EMVCo’s Payment Tokenization Specification, work is being undertaken by The Clearing House, the Payment Card Industry Security Standards Council, and the Accredited Standards Committee X9.

    These multiple models are due to tokenization’s ability to solve a number of problems with respect to mobile and electronic payment adoption, the report says.

    “EMVCo, The Clearing House, and card networks, for instance, are focused exclusively on payments, while others — such as the Payment Card Industry Security Standards Council and the Accredited Standards Committee X9 — are designed to protect stored card data or data at rest,” it explains.

    The new tokenization subgroup is charged with investigating the challenges ahead and will “conduct a multi-stakeholder assessment that will include mobile payments industry perspectives on the challenges and opportunities surrounding payment tokenization initiatives”. Deliverables will include “a comparison and gap analysis of the current models, and recommendations for possible solutions to address the gaps.”

    The subgroup will also assess issues related to the use of static versus dynamic tokens, how to prevent the creation of fraudulent tokens and the use of token risk assurance levels as well as how tokenization will impact infrastructure, interoperability, and consumer usability.

    Readers can download the full report on the June 2014 MPIW meeting here.

    • Ulf Mattsson

      I find it very timely to solve the “challenges and opportunities surrounding payment tokenization initiatives”.

      The good news is that retailers have found flexible tokenization solutions imposing minimal changes to their legacy systems and infrastructure.

      I’m very concerned about the trend illustrated by Target’s 70 million compromised accounts containing information that can lead to identity theft. This PII information can be protected by data tokenization and I think that standardization efforts should include PII information, not just payment data.

      Recent studies reported that data tokenization can cut security incidents by 50 % also for personal data.

      This can help prevent identity theft.

      Ulf Mattsson, CTO Protegrity

    More headlines...