BankThink

Tokenization buzz gets more attention than fundamentals

We’re putting the cart before the horse when it comes to tokenization.

All these sayings apply to the current state of tokenization. If you follow industry discussions on the topic, you’ll have undoubtedly noticed scores of stories about implementing tokenization and blockchain for everything from real estate to pieces of high-value art to financial assets and commodities.

In my judgment, we’re collectively focusing on the wrong goal posts. Those are innovative uses cases to be sure, but how many of them actually solve a real problem, as opposed to just feeding the hype cycle and keeping our most brilliant technical, business and entrepreneurial minds from addressing issues that the financial services and retail industries have grappled with for years?

Chart: Creeping Cost

Tokenization isn’t a new technology by any means. It’s been applied to payment data at rest for some time. Where it hasn’t been applied universally or successfully is to payment data in motion. Before we progress into leveraging the fringe use cases and benefits, we need to get back to tokenization basics.

Consumers spent more than $517 billion shopping online in 2018 in the U.S. alone. The transactions associated with those purchases comprise a ton of data that has to be secured and, in some cases when the payment card is kept on file, stored. That’s especially relevant for companies such as Netflix, Uber and Amazon, whose subscription models require that payment details be kept on file and charged every time a recurring product or service is delivered or rendered. It’s also powerful for e-commerce stores because having cards on file enables one-click checkout and other streamlined payment options. That’s where tokenization becomes paramount.

Time after time, breaches of online retailers result in the theft of stored credit card details. Tokenizing those card numbers makes retailers less of a target for hackers in the first place and also mitigates the fallout should a breach occur. Stealing a database of tokens does nothing for criminals. Stealing a database of untokenized card numbers, expiration dates and other personally identifiable information? That’s a nightmare that hits the retailer hard and forces every issuer to replace every card for every consumer who could have been adversely impacted.

There’s a new model of tokenization emerging where card-on-file tokenization is done by the payment networks, such as Visa or Mastercard, instead of the merchants. In traditional tokenization, payment credentials are exposed at some level before going to the payment network for processing. Using the new payment network tokenization, the tokens themselves are merchant-specific, and the payment network is responsible for mapping the tokens to the cards.

This method gives retailers some additional benefits. For example, by not having to store card numbers, there are fewer PCI certification requirements. Separately, without tokenization, there are periodic interruptions to subscriptions and service whenever cards on file expire. The retailer has to hope the consumer goes through the process of re-inputting their refreshed card details, or else the customer relationship grinds to a halt. With tokenization, that renewal happens automatically.

At this point, payment network tokenization should sound appealing to every online retailer because it relieves friction and releases them from much of their risk, liability and compliance burden. The trick is that it is difficult to scale from both a technical and business agreement perspective, and thus hasn’t been widely implemented. Token services run through the payment networks’—mainly Visa and Mastercard—rails. This is where we need our best business and technology minds at work to connect card-on-file tokenization services to the millions upon millions of online retailers around the world. That’s obviously easier said than done, but expert technology partners and business brokers play a critical role in moving toward that ubiquity.

For reprint and licensing requests for this article, click here.
Tokenization Network security Payment processing Cards Online payments ISO and agent
MORE FROM AMERICAN BANKER