
EMV Payment Tokenization Primer and Lessons Learned

Version 1.0

Publication Date: June 2019

U.S. Payments Forum ©2019


About the U.S. Payments Forum

The U.S. Payments Forum, formerly the EMV Migration Forum, is a cross-industry body focused on supporting the introduction and implementation of EMV chip and other new and emerging technologies that protect the security of, and enhance opportunities for, payment transactions within the United States. The Forum is the only non-profit organization whose membership includes the entire payments ecosystem, ensuring that all stakeholders have the opportunity to coordinate, cooperate on, and have a voice in the future of the U.S. payments industry. Additional information can be found at .

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

About the Mobile and Contactless Payment Working Committee

The Mobile and Contactless Payments Working Committee's goal is for all interested parties to work collaboratively to explore the opportunities and challenges associated with implementation of mobile and contactless payments in the U.S. market, identify possible solutions to challenges, and facilitate the sharing of best practices with all industry stakeholders.

Copyright ©2019 U.S. Payments Forum and Secure Technology Alliance. All rights reserved. Comments or recommendations for edits or additions to this document should be submitted to: info@.


Table of Contents

1. Introduction
2. What Is Tokenization?
    2.1 Types of Tokens
        2.1.1 Acquiring Domain Tokens
        2.1.2 EMV Payment Tokens
    2.2 Payment Tokenization Process
    2.3 Security in the Tokenization Process
        2.3.1 Cryptography
        2.3.2 Token Cryptogram
        2.3.3 Token Domain Restriction Control
        2.3.4 Token Cryptographic Keys
        2.3.5 Step-up Authentication during Identity and Verification (ID&V)
3. Tokenization Use Case Scenarios
    3.1 In-Store EMV Contactless Payments with Device-Centric Digital Wallets
    3.2 In-App Payments with Device-Centric Digital Wallets
    3.3 Merchant Card-On-File and Recurring Payments
    3.4 Pay Button Payments
    3.5 Payments Using Wearables
    3.6 Payments Using the IoT
4. Payment Token Services
    4.1 Issuer Enablement and Onboarding of Token Services
        4.1.1 Onboarding Parameters
        4.1.2 Wallets and Token Requestor Programs
        4.1.3 Account Ranges
        4.1.4 Program Configuration
    4.2 Common Token Service Provider Services
        4.2.1 Token APIs
        4.2.2 Token Issuance
        4.2.3 Token Vault Service
        4.2.4 Token Cryptogram and Key Management
        4.2.5 Lifecycle Management
        4.2.6 Reporting
        4.2.7 ID&V
        4.2.8 Token Domain Controls
        4.2.9 Token Assurance
    4.3 Token Lifecycle Management
        4.3.1 Token Status
        4.3.2 Impact of Lost/Stolen Cards or Devices or Theft Mitigation
    4.4 Third-Party Token Services
        4.4.1 Customer Management Platform
        4.4.2 Token Vault and Provisioning Platform
        4.4.3 Token Processing System
    4.5 Token Vault Connectivity
    4.6 Token Requesting Gateways
5. End-to-End EMV Payment Tokenization Flows
    5.1 Device-Centric Wallet Payments
        5.1.1 Provisioning to Device-Centric Wallets
        5.1.2 Transaction Processing (POS Contactless, Device-Centric Wallet)
        5.1.3 Transaction Processing (In-App, Device-Centric Wallet)
    5.2 Merchant Card on File (COF)
        5.2.1 Provisioning Process (Merchant Card on File)
        5.2.2 Merchant COF Transaction Processing: American Express, Discover, Mastercard or Visa TSP
        5.2.3 Merchant COF Transaction Processing: Third-Party TSP
    5.3 Transaction Processing (Network Pay Button)
6. Impact of Payment Tokenization on Merchants
    6.1 Customer Confusion
    6.2 Merchant Processes
    6.3 Customer Identification
    6.4 Transaction Routing
    6.5 Cardholder Verification
    6.6 Merchant and Issuer Impact Workarounds
        6.6.1 Customer Confusion and Merchant Process Issues
        6.6.2 Customer Identification
        6.6.3 Cardholder Verification
7. Merchant Debit Transaction Routing
    7.1 Contactless POS Transactions with EMV Payment Tokens
    7.2 Merchant Card on File
8. Conclusions
9. Legal Notices
10. Glossary
