In a time when data breaches are far too common, many B2B and B2C merchants are worried that they might become the latest headline. These fears are not unfounded, especially now that cybercriminals can commit acts of fraud more easily than in the past. In turn, retailers – and businesses of all types, to be honest – are more cautious about holding onto their customers' and clients' personal and financial information. The results of a data breach are devastating, so who can really blame them?
The good news is that when it comes to payment processing specifically, the industry is working hard to protect IT systems, comply with requirements and solve cybercrime problems. One such attempt at preventing fraud is tokenization.
Tokenization, a process in which primary account numbers are replaced with tokens, has become the topic of conversations between the press, businesses and even the consumer. The belief is that by separating private information from payment processing practices and procedures, cybercriminals will have a much more difficult time stealing any data whatsoever. If they do manage to collect information in transit, it will be a line of random digits – the token – which is useless without any other data. Additionally, storing a large volume of tokens instead of PANs will result in less cardholder data in IT environments.
While there are a few different tokenization solutions and types of implementations due to the variety of methods, technologies and processes, it seems like a great way to solve a very common problem, right? It sounds exciting, but the whole picture points to an unsure future for the cybersecurity practice.
NFC and EMV
The success of tokenization really lies in payment processing industry trends. If it doesn't become the standard method of securing transactions, the bottom line is that it will be unlikely to succeed. Matt Barr, group head of U.S. emerging payments at MasterCard, explained to PYMNTS that the idea of one-time transaction accounts stems from EMV capabilities. Essentially, EMV and tokenization complement each other, and one technology could cause the other to become standard.
However, tokenization also works with a lot of different payment processes. Barr pointed to NFC as another avenue that tokenization adoption could travel down, the source reported. Computer Weekly cited a Deloitte report that found 2015 will be the year that NFC "takes off," predicting that 5 percent of NFC-enabled phones will be used for contactless transactions by the end of 2015.
Ideally, any contactless payment methods would work with tokens. Currently these technologies include everything from the recently introduced ApplePay to Bluetooth technology to QR codes. The bottom line is that it doesn't really matter what hardware consumers choose to utilize: tokenization is a technology that works with past, present and future payment methods.
What's holding tokenization back?
There are many things preventing the standardization of tokenization. The first is the payment card industry itself, but this might not be a problem anymore, thanks to organizations such as Visa and American Express, which are planning on distributing EMV-enabled payment cards throughout 2015.
Then, there are the merchants. It comes down to their willingness to procure and implement new systems, as their lack of security is held responsible for data breaches. That alone could provide motivation, but if consumers don't adopt the trend, a lot of revenue could be wasted.
This leads to the final determining factor in adoption: the customer. Until EMV cards are in their hands, this will be difficult to say for sure. In this respect, consumers need to look out for themselves when it comes to protecting their private information, but they are not particularly informed. For example, Computer Weekly reported on a Netbiscuits survey that found 69 percent of U.K. citizens have not even heard of NFC. That doesn't bode well for EMV or tokenization, but perhaps 2015 will be the year that consumers become informed.
Don't force it
While EMV, NFC and ApplePay show promise to help push tokenization into popularity, those technologies could flood the market, essentially turning a standard payment processing technique into a splintered one.
Alex Moss, managing partner at Conventus, explained to ZDNet that unless there is a massive migration to a single form of payment, ApplePay – in particular – will not become a ubiquitous technology. That same opinion applies to EMV and NFC, as well. After all, with too many options, the market will flood and the consumer will become confused and quite possibly forget that tokenization is even behind their payment method.
Similarly, merchants might want a standard payment method before adopting tokenization, as supporting the wide variety of transaction options could become a costly affair. Alternatively, the payment card industry could force tokenization upon the community.
"With Visa getting into tokens, merchants could one day face a mandate," Moss posited, according to the source. "It's the same as PCI and EMV, the card issuers can say, 'Hey, if you don't use this system, we won't process your payments.' Because in the end, they are the ones bearing the bulk of the risk for stolen charges."
The future of tokenization is foggy, but the industry undeniably needs to take security more seriously. Now, it's a matter of how and when payment card companies and payment processing organizations decide to work toward a standard in regard to transactions and data protection.