The US Federal Reserve’s Mobile Payments Industry Workgroup (MPIW) has given cautious backing to the potential of tokenization in mobile payments and formed a subgroup dedicated to exploring the impact of the technology in more depth.
“Developments in tokenization should instil confidence in a payments environment challenged by frequent data breaches and other payments fraud activity,” the group says, “but some hurdles to broad industry adoption of tokenization remain, particularly around standards and coordination of the different solutions.”
“The security of mobile payments has always been a top concern and one of the main barriers to widespread adoption of certain mobile and digital payment technologies,” says Marianne Crowe, vice president of payment strategies at the Federal Reserve Bank of Boston and chair of the MPIW.
“With the recent introductions of new platforms that use tokenization technologies including Apple Pay, we are even more convinced of the need to evaluate the optimal approach to tokenization and determine how the payments industry can better coordinate efforts to protect consumers and businesses alike.”
A report on the group’s June 2014 meeting explains that a variety of tokenization models are currently under development. As well as EMVCo’s Payment Tokenization Specification, work is being undertaken by The Clearing House, the Payment Card Industry Security Standards Council, and the Accredited Standards Committee X9.
These multiple models are due to tokenization’s ability to solve a number of problems with respect to mobile and electronic payment adoption, the report says.
“EMVCo, The Clearing House, and card networks, for instance, are focused exclusively on payments, while others — such as the Payment Card Industry Security Standards Council and the Accredited Standards Committee X9 — are designed to protect stored card data or data at rest,” it explains.
The new tokenization subgroup is charged with investigating the challenges ahead and will “conduct a multi-stakeholder assessment that will include mobile payments industry perspectives on the challenges and opportunities surrounding payment tokenization initiatives”. Deliverables will include “a comparison and gap analysis of the current models, and recommendations for possible solutions to address the gaps.”
The subgroup will also assess issues related to the use of static versus dynamic tokens, how to prevent the creation of fraudulent tokens and the use of token risk assurance levels as well as how tokenization will impact infrastructure, interoperability, and consumer usability.