Head Office, Johannesburg, South Africa

How tokenisation is improving credit card security

tokenisationThe security of card holder information is an ongoing concern for consumers, merchants, payment processors and banks alike. As more transactions are conducted online, the need for rigourous online data protection systems is also growing.

In 2013, South African banks lost millions of rands after point of sale (POS) terminals in KFC branches all over the country were infiltrated by malware, resulting in the theft of huge amounts of cardholder data. Credit card breaches like these have forced payment providers to come up with secure ways of processing and storing this sensitive information. Tokenisation is one such method.


Tokenisation replaces card numbers with a randomly generated code

A token is something that replaces, and is used instead of, another item – for example, buying tokens which are then used to purchase drinks at a bar, instead of using cash. When applied to credit card processes, tokenisation converts a card number into a token (a string of meaningless characters or numbers). The merchant receiving payment would only see the token – a new one of which could be generated for each new transaction. If the merchant’s databases were hacked, consumers’ identities and card information would be protected, as the merchant would store only the tokens. The bank alone would store the genuine cardholder information.


Tokenisation can help with PCI compliance

PCI compliance is something that every institution that processes card payments – merchants or banks – is required to adhere to. Tokenisation is one method that could “reduce the amount of cardholder data in the environment, potentially reducing the merchant’s effort to implement PCI DSS requirements”, according to the PCI Security Standards Council.


Visa and American Express are already implementing tokenisation

Although not an especially new technology, tokenisation is only recently being offered by key payment solutions providers. Apple has teamed up with Visa and adapted the concept for its Apple Pay to create a “unique device number” for everyone who uses their iPhone or Apple watch to tap-and-pay for goods in-store. Visa has also rolled out its tokenisation service for Samsung Pay and the soon to be released Android Pay. American Express has also begun implementing a tokenisation system for mobile, apps and Near Field Communication (NFC) payments.

Whilst the above are only currently available in the USA, it’s opened up huge possibilities for how and where we transact, and assists with strengthening credit card security.


Improved security will help boost consumer confidence and encourage entrepreneurship

Once tokenisation is adopted more widely, it’ll help improve consumer confidence about credit card processes as their information is only visible to the banks. As users become more comfortable with new payment methods – mobile and online – it’ll encourage innovation within the payments industry, creating better and more efficient ways of transacting. More payments done over mobile or online will allow entrepreneurship to flourish as payment can be made anytime and anywhere.


The future holds many exciting possibilities for card fraud prevention

Technology is becoming more developed and intricate and card security features have also become more advanced – minimising the threat of credit card fraud. Credit cards with a magnetic strip that only appears when a PIN is typed into the card are already being developed by Dynamics Inc. in the USA.

The next step will be incorporating biometrics into card security: instead of using a four-digit, easily forgettable PIN that is also hackable, you’ll simply use your fingerprint to verify your identity. Zwipe in Norway has already teamed up with Mastercard to develop a biometric credit card.

Download our EFTPOS brochure for more information about our innovative payment solutions that adhere to the highest PCI compliance level.