I recently discussed tokenization in a previous post . To build on that, I would like to provide more detail on the key differences with current token technology in the market and First Data's solution. The idea of tokenization has existed in the market for some time now — so why haven’t merchants integrated this technology into their POS systems in mass yet?
Most services that offer tokenization today do not directly link that token number back to a specific card or customer; they are tied to a particular transaction. For a token number to be valuable to a merchant, they need to have the ability to tie it directly back to the cardholder. Without this ability, it becomes much more difficult for a merchant to conduct any trending analysis of their customers, which inhibits them from developing targeted offers and marketing campaigns. It also makes anti-fraud and loss prevention analysis much more difficult.
Another application for this type of token technology is for recurring payments. Tokens that are linked to a card and specific to the merchant make them ideal for “payment wallet” scenarios. For example, suppose a customer gives his credit card information to an online merchant for a purchase today and the customer chooses to allow the merchant to store the card for the customer’s future purchases (i.e., the payment wallet). The merchant replaces the customer’s credit card number with a token that is unique to the merchant. The next time the customer makes a purchase, the token stored in the wallet acts as a pointer to the actual credit card number, which the merchant’s token service provider would keep on file. This eliminates the need store transaction level details on previous transactions to enable secure payment wallet processing.
To learn more about the different types of tokenization, visit RSA’s blog, Speaking of Security .