Visa and Mastercard Sharing Tokens – The Impact on Tokenization Service Providers
Mastercard announced at the end of 2016 that it would be partnering with Visa Checkout to share tokens with Masterpass for provisioning. This would allow either wallet to request tokenized payment card information to be used in either system. How does this impact organizations using either payment wallet, or both? Considering that both technologies offer network tokenization, how does that impact organizations that are using a Token Service Provider (TSP) for their tokenization solutions? What types of risk are introduced by passing tokenized payment card data back and forth, in much the same way as actual credit card data is passed between your business units?
The standards they are going to develop will largely govern tokenization for mobile, tablet, and desktop purchasing experiences. They do not take into account other forms of payment acceptance (omni-channel), which is the biggest opportunity for cloud tokenization providers. While organizations should support the use of network tokenization (Visa/MC/AmEx) through the passing of custom fields/data, there needs to be a more holistic approach to tokenization that encompasses all of the payment channels that customers use today.
Risks of Not Detokenizing Data
Numerous large organizations worldwide want to understand both Visa's and Mastercard's independent network tokenization initiatives, and there seems to be a strengthening consensus that leveraging cloud tokenization with a vendor-agnostic platform is the best route to take. At the end of the day, the card brands are taking control away from businesses by creating tokens that can be stored but never detokenized. That data remains critically important to organizations, so they’re open to the idea of using network tokenization but not committed to it in whole, because it does not cover the breadth of their operations with regard to omni-channel acceptance and the tokenization of all data sets such as PII, NPI, ACH, etc.
TSPs Support the Initiative
Interestingly, what will most likely happen out of this is that the TSPs will actually support what Visa and Mastercard are doing through their partnership. The framework they’re developing is designed to be open and accessible for developers, payment service providers, and mobile wallet developers, so TSPs will simply integrate and continue passing network tokens for customers that want to leverage them through their mobile capabilities, continuing with our philosophy of open integration.
Drawbacks from Joint Effort
Unfortunately, and it’s my humble opinion, what the card brands are doing is essentially turning tokens into just another credit card. The beauty of tokenization in the payment space is that you can’t use tokens across payment service providers as everyone creates tokens differently. By creating a standard for generating tokens, the card brands are also now increasing the risk associated with using tokens because of the additional “cipher text” available in the market that can be used to reverse engineer token generation.