Until just recently, the term “tokenization” was just one more bit of geek-speak bandied about by analysts, specialists, and sundry alarmists. It had been in the arcane world of digital security along with another such term—“card-not-present fraud”—a real but generally fuzzy threat, for which tokenization presents a real, but again fuzzy, counter.
Then along came Apple Pay. Since the big Apple announcement in early September, the response from the industry has been impressive. First Data Corp., Computer Services Inc., Fiserv, MasterCard, TSYS, Visa, American Express, and, no doubt, more companies have started touting tokenization in the same breath as Apple Pay.
The other thing about tokenization is the hope that it will work side-by-side with two other technological forces slowly but implacably emerging: near-field communication, or NFC, and EMV, or chip-and-PIN. The first is seen as enabling contactless payments at the point of sale, and the latter is seen as addressing card-present fraud. Along with tokenization, all three are seen working together to boost secure and easy ecommerce both online and in person.
It may or may not be interesting that Apple itself never uses the word “tokenization” in its Apple Pay announcement, but it’s clear that’s what’s happening. Here’s the relevant passage from the press release: “When you add a credit or debit card with Apple Pay, the actual card numbers are not stored on the device nor on Apple servers. Instead, a unique Device Account Number is assigned, encrypted, and securely stored in the Secure Element on your iPhone or Apple Watch. Each transaction is authorized with a one-time unique number using your Device Account Number and instead of using the security code from the back of your card, Apple Pay creates a dynamic security code to securely validate each transaction.”
Okay, some say po-tah-tow, some say po-tay-tow—this is still a good description of what tokenization is all about. The point here is that all these arcane terms soon will shift out of academic argot into the parlance of general culture. Just as “big data” rapidly transferred from scholarly journals into high-priced television commercials during the evening broadcast news shows, and just as it became unnecessary to spell out “ATM,” we all soon will instantly know about and expect to be protected by tokens.
Why? Why do people camp out for days in front of Apple stores in order to be the first ones to pay hundreds of dollars for the latest iPhones? There is buzz around anything Apple does. That buzz quickly travels through the consciousness of the general public. As millions of people get their hands on the new gadgets they’ll experiment with all the new capabilities they’re offered. One can just bet that Android-based smartphones won’t be far behind with similar or even enhanced capabilities. Millions of people owning millions of devices equates to shifting tokenization protection out of the academic halls and into the shopping malls.
“Apple Pay has transformed mobile payments in a way that our clients will love, and will have an impact on the industry like never before,” says Frank Bisignano, First Data’s chairman and CEO. The company calls the debut of Apple Pay “a turning point for enabling mobile ecommerce.”
Fiserv for its part announced that it has expanded its mobile payments solution portfolio to include tokenization capabilities via Visa Token Service and MasterCard Digital Enablement Service. “As mobile payment technology becomes more accessible and convenient, consumer adoption will accelerate,” says Kevin Gregoire, president, Financial Institutions Group, Fiserv.
Both Visa and MasterCard emphasize the security aspect of tokenization, and relate it to increased acceptance of contactless payments for day-to-day commerce.
“When you make the payment environment safer, you open up a world of possibilities where commerce can take place in different forms and consumers can shop anywhere, on any device, with confidence,” says Charlie Scharf, CEO, Visa.
“In the digital age, all connected devices are becoming commerce devices and as a result we must make safety and security paramount,” says Jennifer Rademaker, executive vice president, Solution Sales and Customer Delivery, MasterCard.
So how does this all relate to banks? One early, if limited, indication comes from an informal poll The Members Group conducted during a webinar about a week after the Apple announcement. Representatives from 68 financial institutions shared their mobile payments plans. Some results:
• 26 reported having a mobile payments strategy in place today.
• 40 said they plan to enable their cards for tokenization by the end of 2015.
• 57 said they have plans to participate in the Apple Pay solution.
• 55 said they would be interested in a financial institution-branded tokenized mobile payment solution for Android.
“TMG has been preparing for the day payments would be made using NFC and tokenization. With the introduction of Apple Pay, that day has arrived,” says Shazia Manus, TMG CEO.
Perhaps most telling of all is the willingness of banks to forthrightly align themselves with Apple Pay right at the outset. The statements included in the Apple Pay press release pretty much put tokenization on the front burner, and speak for themselves:
“JPMorgan Chase has been pleased to collaborate on Apple Pay to create a better, faster, and safer payments system, which puts the customer first, creating an exceptional customer experience for consumers and merchants. Everyone wins,” says Jamie Dimon, chairman and CEO, JPMorgan Chase and Co.
“We’re providing our customers with tools to make their financial lives better, including our 30 million digital banking customers. For them, better means simple and convenient. Apple Pay is another exciting move in that direction,” says Brian Moynihan, CEO, Bank of America.
Sources used for this article include: