EMV Tokenization Standard: A Positive Security Development

The Target data breach and other high-profile breaches forced the U.S.’s delayed adoption of chip-and-pin cards forward, and this has made EMVCo, the firm behind the Eurocard chip-and-pin standards, a much bigger player in the payment security industry as a whole. Thus, EMVco took it upon themselves to design and release a EMV tokenization standard to compliment chip-and-pin systems, and they just released the first draft of the standard’s technical specifications.

As a firm primarily focused on physical, hardware-based payment card security, EMVCo might seem like a strange player in the tokenization sphere. However, in the past few years the organization has broadened its range considerably, and it now has operable standards in place for common payment applications, contactless payments, and mobile payment security. The company is backed by Visa, Mastercard, and Europay, making it a strong central player in an otherwise emerging field.

But that begs the question: does the tokenization standard make tokenization as a process stronger, more usable, or more secure? Or does it just add complication to the already complicated data security landscape? For TokenEx the answer is clear, standardization of tokenization is a good move that will help promote security in payment transactions.

emv tokenizationMany of the concepts in the standard are already in practice at TokenEx. For instance, the EMV tokenization standardization specifies the type of security controls that a tokenization provider must use to protect their Token Vault. This includes “strong physical and logical security measures,” “ restricting Token-based transactions to the appropriate domain,” and “assign[ing] at least one unique Token Requestor ID to a given Token Requestor.” These security steps already form the core of TokenEx’s security controls. This assures us of two things: That our security measures and practices meet and exceed industry standards, and that the EMV Tokenization Standard is designed to enhance and ensure security from all sides.

Moreover, the development and implementation of a standard reinforces the need for tokenization across payment channels. Mastercard, Visa, and Europay would not be developing this standard if they did not see tokenization as a viable method for securing data in CNP transactions. The shift towards chip-and-pin cards will help alleviate some of the security concerns brought on by 2013’s data breaches, but this standard shows even the card makers know that in itself is not enough.

We fully support the continuing development and evolution of the EMV tokenization standard. It’s an important step in improving the financial security of consumers and businesses worldwide, and we look forward to tracking the development of the standard over time.

TokenEx is a data security provider dedicated to helping businesses improve their security practices and reduce their risk from handling sensitive data. To contact a TokenEx representative and learn about our different security products, call or email us today. You can also follow us on Twitter and LinkedIn for data security news and analysis.

Topic(s): payments , data security , tokenization

Keep Up With Our PCI & Privacy Blog