Card giants bid to boost online checkout security with digital tokens

Card giants bid to boost online checkout security with digital tokens

Visa, MasterCard and American Express want to overhaul global e-commerce security, ditching account numbers in favour of digital tokens for online and mobile transactions.

The three card giants are calling on other industry players to join them in backing a proposed framework for the new global token standard, which they argue would make life simpler and safer for customers shopping on a mobile phone, tablet or PC.

The proposed framework would see issuers, merchants and digital wallet providers able to request a token so that when an account holder initiates an online or mobile transaction, the token - and not the traditional card account number - would be used to process, authorise, clear and settle the payment. Tokens could be restricted in how they are used with a specific merchant, device, transaction or category of transactions.

To help ensure consistency around the world, the standard used to generate the tokens would be based on "existing industry standards", says a statement, and be available to all the networks and wider market participants.

Ed McLaughlin, chief emerging payments officer, MasterCard, says: "This continued transition from plastic cards to digital is all about providing consumers with the ability to easily and safely make a purchase. They would no longer need to store their actual card account number when shopping online or with a smart device; the token would serve as that stand-in."

Mike Matan, head, global network business, American Express, adds: "In addition, we will be able to drive the rapid adoption and expansion of digital payments, delivering innovative new products and services that will allow consumers to realize the full potential of digital commerce in today's world."

Comments: (2)

A Finextra member
A Finextra member 01 October, 2013, 15:24Be the first to give this comment the thumbs up 0 likes

This would help with security of course (if the token management UI is realistically usable by all) but it could also be a huge existential challenge to all layers in the payment processing cake. In some configurations, the big players could take much more control of (and revenue from) the end-to-end process.  It could just be a classic "disrupt the disrupters" move by the established players!

A Finextra member
A Finextra member 10 October, 2013, 17:31Be the first to give this comment the thumbs up 0 likes

How would be token safe than account number? Guess, with account number you would need other parameters to confirm. In case of just token - it would be a mess if someone gets the hold of token. Hope we come get some elegant solution. All the best.