The tokenization process in payment transactions replaces primary account number (PAN) data with a surrogate value. Use of the surrogate value, or token, provides increased protection against fraud and account data compromise by removing the PAN from potentially vulnerable parts of the payments environment. It is important to note that there are several types of tokenization models, 1,2,3 such as acquirer tokenization, security tokenization, issuer tokenization and EMV® payment tokenization.
This paper focuses solely on EMV payment tokenization, the type of tokenization used in mobile wallet transactions such as Android Pay, Apple Pay and Samsung Pay. While payment tokenization has improved the security of the payments ecosystem, it creates challenges for products and services that rely on the PAN to identify a customer’s account (such as loyalty and rewards accounts), and for operational services related to a payment transaction (including customer care). For example, before payment tokenization, the PAN could be used to identify a customer’s loyalty account.