TOKENIZATION
What is tokenization?
Tokenization is a process through which sensitive information or data is replaced with a unique set of characters that retain all the essential information without compromising the security of sensitive information.
In the payments space, tokenization is the process of replacing the 16-digit payment card account number with a unique digital identifier known as a ‘token’ in mobile and online transactions. This token then allows payments to be processed without exposing sensitive account details that could breach security and privacy.
Substitution methods like tokenization have been around for a while as a way to separate data in ecosystems, and databases. Before tokenization was introduced, encryption with reversible cryptographic algorithms was the preferred method of protecting sensitive data. Unlike encryption, a process that encrypts cardholder data at the origin, and then decrypts it at the end destination, tokenization replaces sensitive cardholder detail with a stand-in token. Because of the random assignation of tokens, it’s almost impossible to reverse-engineer or compromise a token.
A use case of this process in the P.O.S. system:-
• A credit card is swiped at a POS machine or is used for an online transaction
• The credit card number is passed to the tokenization system
• The tokenization system generates a string of 16 random characters to replace the original credit card number.
• The tokenization system returns the newly generated 16 digit random characters to the POS machine or e-commerce site to replace the customer’s credit card number in the system.
There can be two types of tokens produced depending upon the clients needs and security standards:
Format preserving tokens: maintain the appearance of the 16-digit credit card number.
Example:
Card number: 5945 8612 5953 6391
Format preserving token: 4111 8765 2345 1111
Non-format preserving tokens: do not resemble the original credit card number and can include both alpha and numeric characters.
There are specific format-preserving tokenization schemes that maintain the IIN (first 6 digits) as well as the last 4 digits of the card number.
Example:
Card number: 5945 8612 5953 6391
Non-format preserving token: 25c92e17–80f6–415f-9d65–7395a32u0223
What is the impact of tokenization on online businesses?
Credit card tokenization helps online businesses improve their data security, from the point of data capture to storage as it eliminates the actual storage of credit card numbers in the POS machines and internal systems. But the greatest benefit of tokenization is that it minimizes the impact of security breaches for merchants.
Since merchants are storing tokens instead of credit card numbers in their systems, hackers will acquire tokens that are of no use to them. Breaches are expensive, and many retailers and banks have experienced huge losses as a result of data theft. Tokenization helps minimize this.
Case study
Alipay
Born in 2004, Alipay was first created as the payment department of Taobao, the B2C platform of Alibaba Group. It was right after eBay acquired Eachnet.com in China, and Taobao saw this acquisition as a major threat for its marketplace business. To enhance its competitive advantage, Taobao tried to solve the biggest pain point in eCommerce in China at that point — the trust between seller and buyer. Back then, many conversations between sellers and buyers on Taobao failed to result in a transaction, oftentimes because both sides suspected each other as fraudsters. So Taobao introduced Alipay as a 3rd party to temporarily hold the money paid by the buyer, and would not release the money to the seller until the buyer confirms that the product was received and in good condition. Successfully solving the trust issue, Alipay saw tremendous growth on Taobao platform, and even started to be used on other platforms outside of the Alibaba ecosystem.
It uses:-
• Transfer money to other bank accounts with payment made within two hours
• Transfer money to other Alipay accounts
• Pay credit card bills with no fee levied
• Pay utility bills with no extra fee levied
• Top up a mobile phone with a credit card
• Buy bus tickets
• Check a bank balance
• Use at online check-out on many websites (lots of websites it’s the only way to pay)
• Use to check-out on shopping apps Tmall.com and Taobao.com (these are escrow services)
• Use to pay for products in-store.
Though not exactly a case of “Tokenization” Alipay has nonetheless created an effective payments system using “ESCROW” .
Escrow is not an exclusive technology, its a technology used by many in the payments field
ESCROW:-
How does Escrow Work?
Alipay reduces the risk of fraud by acting as a trusted third-party that collects, holds and
only disburses funds when both Buyers and Sellers are satisfied.
1. Buyer and Seller agree to terms — Either the Buyer or Seller begins a transaction. After registering at Alipay, all parties agree to the terms of the transaction.
2. Buyer pays Alipay — The Buyer submits a payment by approved payment method to a secure Escrow Account, Alipay verifies the payment, the Seller is notified that funds have been secured ‘In Escrow’.
3. Seller ships merchandise to Buyer — Upon payment verification, the Seller is authorized to send the merchandise and submit tracking information. Alipay verifies that the Buyer receives the merchandise.
4. Buyer accepts Merchandise — The Buyer has a set number of days to inspect the merchandise and the option to accept or reject it. The Buyer
accepts the merchandise
5. Alipay pays the Seller — Alipay releases funds to the Seller from the Escrow Account.
User interface interaction
Alipay is not the only dominant online payment system in China there is tough
competition from payment providers such as
Steps to setup Alipay
You can find a payment service provider that offers Alipay or contact directly with Alipay International.
The advantage of using Alipay via a payment service provider is that you can integrate Alipay, Unionpay, and Wechat pay at once.
According to the report of Market Share of Online Payment Service Provider of China in 2016:
- Alipay has a market share of 52.3%
- Tenpay (Wechat pay) 33.7%
- Unionpay 12.6%
- Other 1.4%
If you are not willing to have 3 different accounts, 3 different settlement schedule nor submit 3 times of your documents, you can integrate all of them at once via Global Payment Service Provider — Payssion
Comparison between the two market leaders
Summary
Tokenization is the future for all payment methods as the world move towards the virtual exchange of currency. The objective of a tokenization stage is to eliminate any unique delicate installment or individual information from your business frameworks, supplant every informational index with an undecipherable token, and store the first information in a protected cloud, separate from your business frameworks.
Notwithstanding, no technology has been demonstrated to be impervious. Regardless of whether through human blunder, malware, phishing messages, cybercriminals have numerous approaches to go after weak applications. As a rule, it’s a matter of when — not if — an assault will succeed. The bit of leeway to cloud tokenization is there is no data to take when the inescapable attack occurs. Along these lines, it practically kills the danger of information burglary.
