Tokenization

UL can assist you with formulating the best security strategy and how tokenization fits within such.

EMVCo, the standards body that defined smart card payments, characterizes token as a ‘surrogate for an actual card application’. Retailers process tokens in the same way as cards, which means there is no need to change the already installed points of sales. The clever processing is done by a Token Service Provider who holds the actual card information.

Tokens can be used to leverage other channels, including, NFC Host Card Emulation, Internet transactions and Bluetooth Smart beacons, so the technology is not limited to retailer point of sales terminals.

In the context of payments, the high-value credential is the Primary Account Number associated with a payment card. Payment tokens are a standard feature of any mobile NFC payment initiative since 2014 - when EMVCo first defined them. Examples include Apple Pay, Samsung Pay, Android Pay and many mobile payment initiatives based on HCE technology. 

The use of tokens reduces the chance of cross-channel fraud, where a fraudsters obtains a PAN from one payment channel (e.g. a card skim, a hack of PoS devices or a security breach of a payment processor) and uses it to commit fraud over another channel (e.g. card-not-present transactions in an internet shop). If a mobile card contains a token instead of a real PAN, a dedicated Token Service Provider will map the token back to the original PAN if and only if the token is used for a card-present transaction in a brick-and-mortar shop. A fraudster therefore cannot use a stolen token to buy goods over the internet or retrieve cash from an ATM.

When issuing a mobile payment card, the issuing bank needs to connect to a Token Service Provider (TSP) in order to obtain a token for the PAN of the associated physical payment card. Likewise, when the card holder uses the mobile card to make a payment, the transaction needs to be routed to the TSP in order to map the token back to the original PAN. The bank needs to make a business decision on how to procure a TSP. Options range from insourcing a solution from a tokenization vendor to connecting to the digital enablement platform of one of the payment schemes. Depending on that decision, the bank needs to adapt their infrastructure and/or implement the necessary interfaces.

Companies looking for a seemingly quick approach to data protection can look towards tokenization. However, you need to carefully consider the framework of tokenization and its implication to your overall security strategy. UL can assist you with formulating the best security strategy and how tokenization fits within this.

UL supports Payment Brands with technical expertise and local experience to stay relevant and competitive in the fast moving world of mobile payments.

Rely on UL as your center of excellence for advisory services, security services, test automation and compliance and interoperability services. UL helps you build the bridge between a complex ecosystem and a successful implementation.

Exploration

Refine your vision with UL’s independent advice

Get Informed on latest industry trends, technologies, and use cases

Engage and capture the needs of your stakeholders

Explore your potential in digitization to:

  • Build your own TSP
  • Utilize partner’s TSP with dual-branded cards
  • Become a TSP aggregator
  • Become a wallet service provider Create omnichannel, capabilities across in-store, mobile and eCommerce

Challenge your mobile strategy

Strategy Definition

UL facilitates strategy sessions with the latest knowledge and expertise

Decide to build or buy your own TSP solution to digitize your cards

Provide your Issuers with a TSP aggregator for all cards and competing brands

Decide on omnichannel capabilities to enable tokenized online checkouts and in-app payments

Expand card digitization services to merchants and loyalty providers to enable alternative ways of payments

Determine new business opportunities by offering a white-labeled wallet to the market

Define your business model and go-to-market strategy

Solution Design

UL supports TSP selection & guides your project journey for faster time-to-market

Outline all relevant use cases (ID&V support, risk & fraud management)

Define solution architecture for your credential, lifecycle, and transaction systems

Define token vault strategy and data ownership

Evaluate and select TSP solutions

Define issuer onboarding processes

Design pricing strategy

Implementation Options

UL supports with your product design and technical definitions

Develop digital card profiles and associated EMV functionalities

Specify your technical solution Develop specifications towards Issuers and wallet service providers Define provisioning and authorization rules Design your lifecycle management, account enablement, and transaction details system

Establish business framework

  • Conclude on terms of use, marketing, and branding
  • Set Issuer and wallet service provider agreements

Develop security framework and validation processes

Design a test strategy

Build

UL assists in all implementation steps with best practices & technical experience

Manage vendor progress and stakeholder expectations

Set-up interfaces towards the wallet service providers and issuers

Implement changes to scheme systems

  • Customer Service APIs for lifecycle management, account enablement and transaction details
  • Provisioning management system and token vault
  • Risk & Fraud systems

Align card art template to wallet service provider guidelines

Test

UL’s test tools and services provide automation and simulate the full ecosystem

Test your TSP solution and integration with your processing host

Test Customer Service APIs

Test integration with wallet service providers

TSP solution security assessment

End-to-End Testing:

  • All use cases
  • Provisioning, transactions, lifecycle management, and fraud rules

Issuer Onboarding

UL operates certification programs, provides customer guidance & customized online test platforms

Provide Issuers and stakeholders with dedicated onboarding documentation

Execute a test and certification program for Issuer onboarding

Implement an automated test and certification platform. Facilitate self-testing and certification by state-of-the-art tooling

Certify Issuers

Enable Value Added Services to your stakeholders

Launch

UL congratulates you with a successful product!

Roll out marketing strategy and create customer awareness

Continuous product improvement

Product qualityCustomer ServiceRelease managementNew features

Risk & fraud monitoring

Post Launch:

  • Onboard your next Issuer
  • Leverage new value added services
  • Leverage new technology
Get in touch