A complete payment security package: EMV, tokenization, encryption

Last updated: 21 May 2015

There is no question that technology advancements in mobile payments and wearables are having an impact on the payments industry. Consumers are turning to smartphones and wearables, like festival wristbands and smartwatches, to manage their money in a quicker, more efficient way.  Easy, “tap & go” contactless payments are also on the rise. Just last year, almost half of the payments cards produced were contactless.

While mobile innovation is a huge step forward for the payments industry, it has made security a hot topic of conversation. Was security top of mind in the design of mobile and contactless payments?  Or, are new technologies just focused on convenience and ease of use?

Payment securityConsumers can rest assured. Modern payment options are even more secure than legacy payment options, such as magnetic stripe cards. In today’s payment ecosystem, a complete security package is necessary. This is the payment security trifecta: EMV, tokenization and encryption.

In all of its forms (contact EMV cards, contactless EMV cards, mobile EMV for smartphones, and now wearables), EMV reduces fraud because a chip makes it nearly impossible to replicate a card. In addition, EMV chips use a cryptographic algorithm to generate a digital code that changes with each transaction to prevent the card from being used fraudulently.  EMV has proven incredibly effective at eliminating face-to-face fraud, especially in regions where both EMV cards and payment terminals have become the standard.

Beyond EMV, tokenization and encryption are important tools to protect against types of fraud that EMV doesn’t address.  Tokenization, which replaces sensitive card data information with unique and sometimes temporary card numbers, called tokens, helps to keep account numbers more secure. You can learn more on that in my colleague’s, Remi’s, piece from last month: a very informative piece about tokenization and cross-channel fraud.

Tokenization protects an account number both at the point-of-sale and in the event of a data breach. Tokenization can protect against cross-channel fraud by limiting the use of each token card number to just that payment channel.  In other words, a tokenized card number issued for in-store transactions couldn’t also be used for online (card-not-present) purchases.  You’d need a separate tokenized number for online transactions.  All of this could happen behind the scenes, adding layers of security to protect against thieves who might try to make fraudulent purchases online.

Encryption protects sensitive data as it travels through the payment ecosystem, from the payment terminal through the merchant’s systems to the processors and the bank.

Together, tokenization and encryption keep data secure as it travels from the point-of-sale to the bank. They also help to keep the data secure long after the transaction when card information is stored on the merchant’s servers.

Advanced data security is simply not possible with magnetic stripe cards. This makes the shift to EMV the first, and most important step. Starting with EMV and then considering complimentary technologies, banks and consumers can be confident that modern payments are more secure than ever before.

One thought on “A complete payment security package: EMV, tokenization, encryption

  1. Buen día, me pueden especificar como funciona el servicio, estoy ubicado en Colombia, las tarjetas se consideran titulo valor al igual que una tarjeta de crédito o funciona de otra forma, y que servicio cubre, agradezco la respuesta gracias.

Leave a Reply

Your email address will not be published. Required fields are marked *