Monday, October 21, 2019

EMV Tokenization: Digital wallet technology enters the ecommerce space

As of today, more than 500 million payment cards issued by thousands of banks in close to 50 countries have been added in a digital format to a payment app. These cards, enrolled by their cardholders in Apple Pay, Samsung Pay and Google Pay can then be used for mobile payment using NFC contactless at the Point Of Sale (POS) or for in-app payments i.e. Apple Pay for Uber. In addition to those well-known Original Equipment Manufacturer (OEM) wallets, Google Host Card Emulation technology (HCE) now gives developers a platform to launch additional branded wallets, for example by retailers. That market is accelerating drastically in 2019. Each month, OEM wallets become available in new markets and the growth potential of this technology for banks, retailers and users is tremendous.

The key technology behind the scenes is EMV Tokenization. An EMV token is a digital proxy card, linked to a ‘funding’ card. Benefits are numerous: The issuance of an EMV Token is immediate thanks to the Visa VTS and MasterCard MDES tokenization platforms, and creates a simple user experience for people onboarding their cards into Apple Pay, Samsung Pay, Google Pay or other branded wallets. An EMV Token is bound to one given device, which can be a smartphone or a wearable device, enforcing security and protecting the funding card data from behind stolen.

The interesting evolution of the market is that EMV Tokenization is set to expand quickly to an additional market: ecommerce.

EMV tokens are an ideal replacement for real card details that are currently stored by online retailers. Tokens can’t be skimmed and therefore helps to avoid this very common attack mechanism. Skimming fraud directs online shoppers to a malicious merchant web site using a fake URL and imitating the look and feel, as well as the design of the real web store. At checkout, cardholders provide their card’s Primary Account Number (PAN), expiration date and CVV to the skimmer who will then use these credentials to make fraudulent purchases. Cloning an EMV Token is useless as its usage for payment is 100% bound to a specific retailer.

The graph above show our estimate of 500 million EMV token issued for digital wallets. The use case for EMV Tokens will grow to about two billion units in 2023 as OEM wallets will expand to more markets.

Additionally, we believe merchants adopting EMV tokenization for real card on file replacement will grow by a factor of 15 or more: from 200 million units in 2019 to three billion in 2023. Just think about how many ecommerce sites you use. When you realize that each of these retailers could be paid using an EMV token then the total number will be massive.

EMV tokenization for ecommerce is not only a big step up in terms of security from real cards being kept on file, but it also represents a complete new digital payment services eco-system. By being able to manage the lifecycle of these Tokens the user will be in control of activating, suspending, and deactivating all payment cards per retailer.

As it stands, few of us remember a complete list of all the web sites where we have provided our payment card data. In a very near future, that complete list will be available for each of us, right from our mobile banking app, and with the ability to manage our “digital cards” for each merchant.

Thanks to EMV tokenization, consumers are set to be protected from online payment fraud and manage who has access to their personal financial data.

The post EMV Tokenization: Digital wallet technology enters the ecommerce space appeared first on Cybersecurity Insiders.


October 21, 2019 at 09:09PM

0 comments:

Post a Comment