July 13, 2015
The EMVCo Payment Tokenization Specification Technical Framework had set the payment industry in motion about a year (or so) ago. The ability to replace the sensitive payment card credentials with an ‘alias’, called ‘payment token’, which ‘looks and feels’ like the original, but from which the original payment card credentials can not be deduced, even if the alias is stolen, is undeniably very powerful concept.
Shortly after EMVCo published its draft implementation guideline mid 2014, major payment networks in the US announced their own EMVCo ‘compliant’ TSP implementations. The Apple Pay was launched back in September 2014, as the very first commercial mobile wallet taking advantage of those implementations. Android Pay’s and Samsung Pay’s own launch announcements followed several months later, targeting their own launches before the end of this year. All of these mobile wallets will end up using same Tokenization Service Providers (TSPs), which are provided by the payment networks.
All currently commercially available TSPs follow the EMVCo Tokenization guidelines (intentionally not calling it ‘spec’, because it isn’t). The EMVCo Tokenization Framework is an example of the ‘coupled’ tokenization framework. It is labeled as ‘coupled’, because it does not envision that valid payment token can exist (be issued), un ...