Mobile/Digital Payment Security, Tokenization and Fraud Analysis
Payment Strategies conducts applied industry research, analysis and standards development related to mobile payments security, with a focus on tokenization and fraud in the card-not-present (CNP) channel, to educate the industry and identify challenges to be addressed.
Tokenization is not a new concept and has been used to protect cardholder data post-authorization or at rest for many years by merchants and their acquirers. Payment (or network) tokenization, is a recent concept introduced to the payments industry based on specifications issued by EMVCo and The Clearing House and implemented by Apple Pay, Android Pay, and Samsung Pay. A payment token serves as a surrogate value that is created to replace the primary account number (PAN) from end-to-end in a payment transaction – and follows the same formatting as the 16-digit PAN. Payment Strategies conducts research and analysis, and monitors trends in tokenization to educate the industry and identify challenges to be addressed.
CNP fraud is increasing, particularly as more online payments are being made through the mobile phone. Research includes understanding the range of mobile CNP models in the marketplace, analyzing potential risks and security gaps, identifying the range of security and authentication solutions available, and outlining potential best practices and recommendations for mitigating CNP and other mobile payments fraud.