Saturday 3 December 2016 | RSS

 
    Feedback
     
     

     

    EMVCo updates tokenization specification with new payment account reference data element

    EMVCo has updated its tokenization specification to include a new payment account reference (PAR) that can be used to link a cardholder’s payment token with their primary account number (PAN) without needing to use their underlying account number.

    EMVCoThe update to the EMV Payment Tokenisation Specification – Technical Framework v1.0 allows for a “consolidated view of transactions on a payment account,” EMVCo says. “This is also needed for security and regulatory reasons, such as risk analysis and anti-money laundering.

    “It is also important for value-added services, as these often leverage historical transactional data to derive analytics and measurements to support customer programmes such as loyalty.”

    PAR “does not contain financially sensitive data,” EMVCo adds.

    “The presence of PAR fulfils a fundamental need to link PAN-based and token-based transactions together. PAR enables the industry to move away from dependence on the PAN as the primary linkage.

    “PAR data cannot be reverse-engineered to reveal the PAN or EMV Payment Token and cannot be used on its own to initiate a transaction such as authorisation, capture, clearing or chargeback. The PAR framework is designed to ensure global interoperability and support broad industry adoption.”

    Underlying security

    The latest updates are documented in the EMV Specification Bulletin No.167 which also outlines how PAR can be used by acquirers, payment processors and merchants to link payment token transactions to those of the underlying PAN.

    “Payment tokenisation enhances the underlying security of digital payments by limiting the risks associated with the compromise or unauthorised use of PANs,” says Mike Matan, chair of the EMVCo executive committee.

    “As well as increasing security, we want to ensure the payment acceptance community can continue to deliver associated payment processing and value-added services which are currently enabled by PAN. PAR addresses this by enabling all payment transactions, regardless of how they are initiated, to be processed in a consistent manner.”

    • Willam Hugh Murray, CISSP

      Any measure that reduces the use of the (fraudulently reusable) account number is a step in the right (“cardless”) direction.

    More headlines...