Payments standards body EMVCo has updated its Payment Tokenisation Technical Framework to introduce the new roles of ‘token programme’ and ‘token user’, refine the roles of ‘token service provider’ and ‘token requestor’ and detail “their interrelationships within the global payments environment.”
EMV Payment Tokenisation Specification — Technical Framework v2.0 also includes expanded ecommerce use cases and operational management enhancements “to support global interoperability and facilitate transaction security.”
“The latest document addresses the adoption of payment token use cases in ecommerce beyond existing card-on-file, and offers enhancements to how payment tokens can be controlled within a single payments channel”, EMVCo says.
Key updates within version 2.0 include:
- Expansion of the payment token issuance processes “to enable the request of a payment token with a value other than a PAN.”
- The introduction of a payment token assurance method, designed “to enable a token requestor, such as an issuer, digital wallet provider or merchant, to have information available related to the identification and verification processes associated with the issuance of a payment token.”
- Recognition that “the entity introducing payment tokenization to a payment ecosystem is responsible for establishing a payment token programme. This programme will define the business policies and processes for the generation, issuance and full lifecycle management of payment tokens to ensure their effective delivery.”
- Additional detail on payment token processing “which clarifies the use of a payment token in the authorisation process.”
- The introduction of new concepts around shared and limited use payment tokens “to support the expansion of ecommerce use cases”.
“EMVCo has been working closely with the payments community to develop the technical framework to create a common functional baseline for payment tokenization solutions to achieve worldwide interoperability,” says Jack Pan, chair of the EMVCo Executive Committee.
“This latest version offers significant updates and use cases that reflect payment industry input to define how EMV payment tokens are generated, deployed and managed. The level of detail assists in establishing a stable payment environment and delivering a common set of tools to facilitate transaction security.”
“Our work in the area of payment tokenization continues to evolve as new use cases are identified and functionality is agreed upon,” adds Cheryl Mish, chair of the EMVCo Board of Managers.
“The technical framework needs to capture these industry requirements and be flexible enough to interoperate with the existing payment ecosystem while supporting ecommerce, new payment methods and regional variations.
“To achieve this, we continue to call on the payments community to get involved and provide feedback.”