29 September 2016

EMVCo to hammer out specifications for tokens at the digital checkout

17 January 2014

The card scheme-owned EMVCo standards body is beginning work on specifications for the use of digital tokens - rather than account numbers - for online and mobile transactions.

Tokenisation replaces a traditional card account number with a unique payment token that is restricted in how it can be used with a specific device, merchant, transaction type or channel. When using tokenisation, merchants and digital wallet operators do not need to store card account numbers; instead they store tokens that can only be used for their designated purpose.

The technique was first proposed by Visa, MasterCard and American Express in October when the card giants argued that it would make life simpler and safer for customers shopping on a mobile phone, tablet or PC.

EMVCo - which is owned by the three and Discover, JCB and UnionPay - will now hammer out the specifications, which will complement the existing EMV rules for a "cohesive global payments framework".

Dave Meadon, executive committee chair, EMVCo, says: "The payments landscape is undergoing significant change, as new types of payments devices and experiences are developed to address the blurring of the physical and digital worlds. EMVCo's continued work to define specifications for the payment industry will establish a reliable, interoperable and secure framework to enable 'digital commerce' to achieve its full potential."

The body says that it will consider existing standards to promote industry interoperability and tap current infrastructure established by the wider payments ecosystem.

EMVCo is planning new data fields to improve transaction efficiency and prevent fraudulent card account use. It will also create a consistent approach to identify and verify the valid use of a token during payment processing including authorisation, capture, clearing and settlement.

Industry stakeholders are being invited to contribute to the process through the EMVCo associate programme.
Keywords: E-COMMERCE

Comments: (1)

A Finextra member | 17 January, 2014, 13:05

It was about time for ensuring that the EMV card applications do not provide the PAN data 'in clear' to the POS devices and ATMs. I have been talking

However my view is that this may not be the best approach UNLESS tokenization is left to be an issuer specific extension of the EMV. In other words the Issuer Host and EMV card application should share a symmetric secret key - they already have such shared key - one used for the Application Cryptograms

I therefore do not see that big changes to the existing EMV specification set are in fact required. EMV standard should only specify that the behavior of the existing READ RECORD APDU should be modified for the specific Tag value which points to the PAN data. In that case only, the READ RECORD APDU implementation in the EMV card application should use symmetric key (the one that is shared with the Issuer Host) and produce the 'PAN token' which 'looks, feels and behaves like real original PAN' i.e.

1. preserves the original BIN/IIN

2. preserves last 4 digits of the real PAN

3. has everything in between #1 and #2 encrypted OR hashed OR MAC-ed by the symmetric key

This MUST be done per txn. The token should not be possible to be reused. Nothing else should be done.

Now with this said, I do not think that EMV needs to even change. Issuers can do this today on their own (instruct their EMV card application developers) and it will be 100% transparent to the merchant POS systems, merchant backend systems, acquirer systems, payment schemes.

Only Issuer Host and EMV card applications (both owned and controlled by the card issuer) would be aware of this happening.

Why do EMVco executives need to have another big PR announcement is beyond my understanding. This industry is not capable of innovating it is obvious.


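The scheme proposed in the comment above, sketched as an added example (not code from the article, the commenter or EMVCo). It assumes HMAC-SHA256 as the MAC, the card's transaction counter (ATC) as the per-transaction input, and one middle digit spent on keeping the Luhn check valid; `pan_token`, `IssuerHost` and the sample card data are hypothetical names and constructed values.

```python
import hashlib
import hmac

def luhn_ok(number: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_token(card_key: bytes, pan: str, atc: int) -> str:
    """Keep BIN (first 6) and last 4; replace the middle with MAC-derived digits."""
    bin_, last4, mid_len = pan[:6], pan[-4:], len(pan) - 10
    mac = hmac.new(card_key, f"{pan}|{atc}".encode(), hashlib.sha256).digest()
    free = mid_len - 1                      # one middle digit is reserved for Luhn
    digits = str(int.from_bytes(mac[:8], "big") % 10 ** free).zfill(free)
    # Exactly one value of the reserved digit makes the whole token pass Luhn,
    # so a POS that validates the check digit still accepts the token.
    return next(t for t in (bin_ + digits + str(f) + last4 for f in range(10))
                if luhn_ok(t))

class IssuerHost:
    """Issuer side: recompute the token for each issued card and match."""
    def __init__(self, card_keys: dict):
        self.card_keys = dict(card_keys)    # PAN -> key shared with that card
        self.seen = set()                   # (PAN, ATC) pairs already accepted

    def resolve(self, token: str, atc: int):
        hits = [p for p, k in self.card_keys.items()
                if hmac.compare_digest(pan_token(k, p, atc), token)]
        # A MAC is one-way and only 5 digits vary on a 16-digit PAN, so two
        # cards can collide; reject ambiguous, unknown and replayed tokens.
        if len(hits) != 1 or (hits[0], atc) in self.seen:
            return None
        self.seen.add((hits[0], atc))
        return hits[0]

# Constructed sample data: test PANs and made-up keys.
CARD_KEYS = {"4111111111111111": b"constructed-key-card-A",
             "5500005555555559": b"constructed-key-card-B"}
```

The issuer cannot decrypt a MAC-ed middle section; it can only recompute and compare, which is why the collision and replay checks sit in `resolve`.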