Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


David Worthington, VP of Business Development at Rambus

Technical body EMVCo launched version two of its EMV® Payment Tokenisation Specification – Technical Framework in September. The market has evolved rapidly since v1.0 was launched in 2014 to address the needs of digital payments including eCommerce, and minimize the fraud risk associated to an exposure of primary account numbers (PAN) – so v2.0 has been eagerly anticipated by the ecosystem.

Here’s a few things that stood out for me among the key updates and revisions.

Continuous development

As with all technology, the innovation curve is too steep for standardization to keep pace. This update therefore brings the framework in line with many of the developments that have happened over the past couple of years. It also addresses a range of feedback from live implementations of the technology to smooth the path for widespread deployment.

For example, EMVCo released an interim note in 2016 on its EMV Payment Account Reference (PAR) which enables merchants, acquirers and payment processors to link together a cardholder’s EMV payment token and PAN transactions. Version 2.0 of the tokenization specification clarifies this at a standards level and sets the rules for BIN controllers (such as an ISO IIN Card Issuer) to implement PAR for their BINs.

Greater clarity

One particularly positive development is the inclusion of a common set of definitions and terminology in the framework. This may sound simple, but it gives the ecosystem a way to communicate effectively and avoid confusion and delays. Players can now easily understand both the similarities and differences in supporting and implementing tokenization with each of the international and domestic payment schemes.

Elsewhere, EMVCo has clarified the roles, responsibilities and minimum requirements for entities establishing a token program. This will ensure the effective generation, issuance and full lifecycle management of payment tokens as markets develop. The document also outlines a range of new and existing token requestor types to clearly define who can request tokens and their associated notable characteristics.

This increased clarity not only enables greater collaboration and stability, it sets the stage for even more rapid evolution and brings confidence in tokenization as a fraud prevention technology.

New tokenization use cases

Since the launch of the original framework, the use cases for payment tokenization have expanded significantly to allow for multiple types of cardholder- and merchant-initiated transactions. The new framework therefore addresses new use cases for eCommerce, including:

  • eCommerce using a mobile/digital wallet – consumers can perform a tokenized transaction on an eCommerce site or in-app using their mobile/digital wallet.
  • Shared payment token – a Token Requestor can share the same payment token between multiple Token Users (e.g. merchants).

These additions can bring the fraud prevention of dynamic tokens to scenarios like recurring one-click-ordering and in-app payments.

Is this progress?

In a word, absolutely! While there is nothing necessarily revolutionary here, this update is both catching up with innovation and enabling it to continue happening in a sustainable, stable and secure way. We, as a developing ecosystem, now have a more complete reference manual to work from, which makes life easier for entities to clearly define their requirements when issuing an RFP, for example, and for technology providers to better understand what the market needs.

What next?

Work is ongoing. We are moving towards an end-game where all payments (and even all data!) are tokenized, so we need to get to a place where static tokens (like PANs) are no longer used and dynamic tokens are universal.

In our role as an EMVCo Technical Associate we look forward to continuing to support the future extension and clarification of the framework to enable further common understanding of the roles, concepts and use cases between all parties in the ecosystem.

*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.