Tokenization is the new payment security


Video by

Tokenization is the new payment security

By Stephanie Graham, Courtny Gerrish. CREATED Sep 2, 2014

It all started with a text college student Chandler Nason got from her parents, asking if she had spent hundreds of dollars on video games. It turns out Chandler was a victim of credit card fraud.

Even though she wasn't liable for the tab, she says it was a headache to dispute the charges and replace the card. "I was pretty frustrated when I found out that my information had been stolen."

Fraud frustrations could soon be minimized, experts say, by implementing a new security system called: 'tokenization'. It's designed to work when you pay with plastic in person, online, or through your phone. The credit or debit card processor substitutes your account number with a 'token' and sends that token to the retailer instead.

Jason Oxman is with the Electronic Transactions Association. He says, "A token is a piece of information, an algorithm if you will, numbers and symbols, that represent a card account number."

Experts say a token is a secret code, valid for a limited time, and when they're used only banks and payment processors know your real account info. That means retailers will no longer have access to card account numbers

"It means that even if somebody is able to breach a retailer for example and get access to those systems, all they'd be able to see are these single use tokens that don't all them to produce counterfeit cards or do anything else to steal account numbers," Oxman says.

Eight million merchants in the U.S. accept credit and debit cards but not all are using tokenization--yet. That's because right now banks, major credit card issuers, payment processors and merchants are working together to create a standardized system. Oxman adds, "We anticipate that tokenization technology will be very widespread around the world in the coming months. It requires a partnership among payments companies and retailers."

But some payment companies are already using tokenization. With this mobile system, you enter your credit card info into an app, and when you pay at a merchant that accepts the app you just enter the bill amount into your phone, and the app sends you a 'token'--a series of numbers and a bar code for the merchant to scan, and voila your payment is made.

Doug Dwyre is with Mocapay. He says, "It's never present in the merchant system. It's never present over the air, or on the mobile handset."

When you pay with a debit or credit card most of the time tokenization will just be working behind the scenes, you won't see the secret code.

Chandler says whether she can see the secret code or not, she hopes it will mean a more secure future for her credit card. "I feel like I should be able to use it online in the store, wherever and not really have to worry about my information being taken."

Doug Dwyer of Mocapay says there is no way to decode the tokens--no mathematical formula that can be reversed to figure out the credit card number. He points out banks and credit card processors, who will have access to credit card account numbers, make tremendous efforts to keep that information secure.