Menu
Banking Exchange Magazine Logo
Menu

Battle of chip-and-pin vs. tokenization begins

3 questions your bank should be asking

Battle of chip-and-pin vs. tokenization begins Bloomua / Shutterstock.com

Credit and debit card fraud prevention are obviously a top priority with financial institutions today—particularly when the occurrence of data breaches at retailers are increasing by the day. This is unfortunate, but it is a result of a flawed system of weak security and a lack of accountability.

New technology

The times they are a’changing, however, and the card is evolving.

EMV, the chip-and-pin technology, has been deployed through credit cards and soon in 2015 debit cards will follow. This technology will most certainly reduce card present fraud at the point of sale. It is a significant improvement over the mag-stripe technology common today.

Next is the token technology that will significantly reduce card not present fraud such as phone or internet purchases.

Also known as “host card emulation,” in this technology a card user signs up for a token to be used with a particular retailer.

The token exists in the form of a bar code, QR code, or an embedded code within a smartphone specific app (i.e. Apple Pay). This code or token is used to emulate the card, but the card information is masked in a secure “vault.” Nobody can see the card information, only the token.

And the token can only be used for the merchant or service it is assigned to. If the phone or token is lost or stolen, it quickly becomes useless by turning off the token, not the card.

Security is increased and cards do not need to be reissued—but there is an important twist.

The uber important question

Who owns the token?

That’s right!

Who owns the token?

In most cases, but not all, the issuer, the financial institution, owns the BIN (Bank Identification Number) and the PIN keys. And if you plan things right, if your institution decides to switch processors, you may not have to re-issue cards.

But what happens if you have customers who use tokens?

What if you want to change processors? Will your customers lose their token and have to re-enroll?

This can be just as inconvenient to the customer as a card reissue. Not a good thing!

Ask three key questions

Yes, tokens will reduce card not present fraud and increase customer confidence. But here are three questions your institution should ask before you jump into the token space:

1. Who owns the token?

The right answer should be the issuer (your financial institution).

2. Can the vault the token is deposited in be designated or selected by the issuer?

The right answer should be the issuer (your financial institution).

3. Can the location of the token be changed if the issuer decides to change processors?

The right answer should be yes. Your institution should have the right to take the tokens with you.

Don’t execute a contract addendum before you receive the right answer, issuer!

Failure to control and protect your token rights is similar to allowing someone else to control or own your BIN!

It’s Uber important.

The Wombat!

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top

Sections

About Us

Connect With Us

Resources