Updated framework includes expanded e-commerce use cases and operational management enhancements to support global interoperability and facilitate transaction security
Technical body, EMVCo, has publicly released EMV® Payment Tokenisation Specification – Technical Framework v2.0. The latest document addresses the adoption of payment token use cases in e-commerce beyond existing card-on-file, and offers enhancements to how payment tokens can be controlled within a single payments channel. It also builds on the ecosystem established in version 1.0 by refining the EMV payment tokenisation roles of token service provider (TSP) and token requestor, introducing the roles of the token programme and token user, and detailing their interrelationships within the global payments environment.
Payment tokenisation is the process of replacing a primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel. EMVCo published version 1.0 of its technical framework in 2014 to address the needs of digital payments including e-commerce, and minimise the fraud risk associated to an exposure of PANs.
The EMV Payment Tokenisation Specification – Technical Framework describes the payment tokenisation ecosystem, the key roles of participants, and expanded concepts supporting multiple use cases. This level of commonality and interoperability between solutions aims to promote innovation in implementation approaches without impacting usability or security.
Key updates within version 2.0 include the:
- Recognition that the entity introducing payment tokenisation to a payment ecosystem is responsible for establishing a payment token programme. This programme will define the business policies and processes for the generation, issuance and full lifecycle management of payment tokens to ensure their effective delivery.
- Additional detail on payment token processing which clarifies the use of a payment token in the authorisation process.
- Introduction of new concepts around shared and limited use payment token to support the expansion of e-commerce use cases.
- Introduction of the payment token assurance method (replacing token assurance level) to enable a token requestor, such as an issuer, digital wallet provider or merchant, to have information available related to the identification and verification processes associated with the issuance of a payment token.
- Expansion of the payment token issuance processes to enable the request of a payment token with a value other than a PAN.
“EMVCo has been working closely with the payments community to develop the technical framework to create a common functional baseline for payment tokenisation solutions to achieve worldwide interoperability,” explains Jack Pan, EMVCo Executive Committee Chair. “This latest version offers significant updates and use cases that reflect payment industry input to define how EMV payment tokens are generated, deployed and managed. The level of detail assists in establishing a stable payment environment and delivering a common set of tools to facilitate transaction security.”
Since the publication of EMV Payment Tokenisation Specification – Technical Framework v1.0, EMVCo has defined a new data element – EMV Payment Account Reference (PAR) – which enables merchants, acquirers and payment processors to link together a cardholder’s EMV payment token and PAN transactions. It has also launched new registration programmes for TSPs and Bank Identification Number (BIN) Controllers.
Cheryl Mish, EMVCo Board of Managers Chair, adds: “Our work in the area of payment tokenisation continues to evolve as new use cases are identified and functionality is agreed upon. The technical framework needs to capture these industry requirements and be flexible enough to interoperate with the existing payment ecosystem while supporting e-commerce, new payment methods and regional variations. To achieve this, we continue to call on the payments community to get involved and provide feedback.”
To fully engage in EMVCo’s payment tokenisation activity, join EMVCo’s established Associates Programme which is open to all industry stakeholders. To stay informed on EMV Payment Tokenisation topics, become a Subscriber.
The EMV Payment Tokenisation Specification – Technical Framework v2.0 is available to all parties from the EMVCo website on a royalty-free basis. The technical framework is not designed to mandate, incentivise, or define commercial rules, requirements or policies for the implementation of payment tokenisation solutions by international, regional, national or local payment systems. To understand the role of EMVCo, read EMVCo’s Operating Policies.
To learn more about EMV Payment Tokenisation, read the Q&A.