Tokenization: At What Cost?

NACS Magazine takes a look at the value of tokenization and whether it will be an industry game changer.

January 20, 2015

Each month, NACS Magazine publishes the “Bits & Bytes” column, addressing the technology issues that affect the convenience and fuel retailing industry. This month’s column by Conexxus Executive Director Gray Taylor provides insight on tokenization’s role in payments. For more on technology topics, visit Conexxus.org.

I was initially going to tackle the imminent PCI 3.0 deadline in this column but felt it was more important to start the New Year with a discussion of game changers we will see in 2015 — and PCI isn’t one of them. What is 2015’s game changer? In my opinion: tokenization. No other technology has the ability to reduce security risk in the future payments landscape, but as with any revolutionary change there are significant accompanying risks.

Tokenization — the process whereby a string of numbers (think account number or CVV) is replaced by a similar string of other numbers (token) by a token provider, with the token usable only under certain circumstances — is a relatively old and simple concept. For each tokenized transaction, the token provider holds the real account information and allows the accepting party to perform all transaction maintenance by routing all transaction requests back to the token provider who associates the token to the account. This system is not new — ExxonMobil’s Speedpass has been using tokens for almost 20 years.

ApplePay introduced the latest iteration of payment tokens by using format-preserving, EMVCo compliant tokens stored on the secure element of the iPhone6. These tokens are currently generated and managed by the card brands, and while not unique by transaction or even merchant, the inability for the tokens to be introduced without an iPhone, or reused at other merchants who did not initiate an ApplePay transaction make them inherently safer.

Like most payment technology change, there is also a dark side to the ApplePay story

In our connected world, bespoke networks lose their relevance and the traditional four-party card scheme network model becomes outdated and inefficient. The card brands know this, but also know that the inexorable migration to a “many to many” payments world can only be controlled if each transaction “needs” to be manipulated by them (or their issuers for their own cards, under license).

What is emerging is a world where the Durbin Amendment allows routing to least-cost networks, but new tokenization “rules” require that transaction to be tokenized — or touch home base (for a fee) — thus preserving the pricing power and revenue streams for the card brands. Clearly, tokenization introduced without oversight has the potential to become the new “interchange” — priced without competition and possibly extended to other non-financial use cases.

In short, tokenization is good and should be embraced quickly, but the token format and provider role should be open and available to any trusted provider a merchant (or consumer) chooses to use.

In the coming year, Conexxus will be working with NACS to ensure that the potential societal value of this game changer — tokenized payments (and other data) — does not come with subjugation to new monopoly powers. Through making the process of tokenization a public standard and making sure regulators understand the antitrust risks of this technology, we can ensure that next generation payments operate in the light of competition and not as a replacement for interchange pricing power.

Advertisement
Advertisement
Advertisement