Banks push for tokenization standard to secure credit card payments
Tokenization addresses gaps in EMV smartcard standard, says indsutry group
Computerworld - A group representing 22 of the world's largest banks is pushing for broad adoption in the U.S. of payment card technology called tokenization, citing shortcomings in the planned migration to the Europay MasterCard Visa (EMV) smartcard standard over the next two years.
The Clearing House Payments Company (TCH), whose owners include Bank of America, Citibank, Capital One and JP Morgan Chase, is working with member banks to see how tokenization can be applied to online and mobile payment environments to protect against fraud.
The effort stems from what the group says is the need to address gaps in the EMV standard involving mobile and online transactions.
"EMV has been out there for close to 20 years" and has served its purpose well, said Dave Fortney, senior vice president, product development and management for The Clearing House.
Debit and credit cards based on the EMV technology use an embedded microchip, instead of a magnetic stripe, to store data and are considered almost impossible to clone for fraudulent purposes. Though the rest of the world moved to the technology years ago, the U.S. has lagged behind for a variety of reasons.
However, after the recent Target breach that exposed data on 40 million debit and credit cards, calls to adopt the standard in the U.S. have become more strident. MasterCard and Visa have said they want merchants and banks to be ready to start accepting EMV cards by October 2015.
While the planned migration has its benefits, EMV is not quite the panacea that many assume it is, Fortney said. "The downside with EMV is that it was created when there was no Internet, no online commerce, no smartphones and no tablets."
While EMV is great for securing card transactions at point-of-sale terminals, it is less useful for online payments and other card-not-present transactions. That is one of the major reasons why payment card fraud has migrated from point-of-sale systems to online channels in Europe and other places that have already adopted EMV.
Payment card tokenization is one way to address this gap, Fortney noted.
Tokenization is a method for protecting card data by substituting a card's Primary Account Number (PAN) with a unique, randomly generated sequence of numbers, alphanumeric characters, or a combination of a truncated PAN and a random alphanumeric sequence.
The token is usually the same length and format as the original PAN, so it appears no different than a standard payment card number to back-end transaction processing systems, applications and storage.
The random sequence, or "token," acts as a substitute value for the actual PAN while the data is at rest inside a retailer's systems. The token can be reversed to its true associated PAN value at any time with the right decryption keys. Tokens can be either single use tokens or multi-use tokens.
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Top tips for securing big data environments - Why big data doesn't have to mean big security challenges Organizations don't have to feel overwhelmed when it comes to securing big data environments. The same security fundamentals for securing databases, data warehouses...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Three guiding principles for data security and compliance Data security is a moving target-as data grows, more sophisticated threats emerge; the number of regulations increase; and changing economic times make it...
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and... All Data Security White Papers | Webcasts