As card networks develop tokens to stand in for account numbers in online and mobile commerce, they may be able to standardize the experience across all companies that handle payments, said Mike Matan, general manager of global network business at American Express.

"It's early days, but making sure that things such as security standards are in place that all payments companies can use is vital to the market's development," said Matan, who predicts these security efforts could evolve toward federated identity, or a system in which the same login is used for different companies or purposes.

For example, through federated identity, the same app could be used to access bank account balances or to enter a building.

While the card networks are all developing their own tokenization products, they are following an agreed-upon method to build and deliver the tokens. That includes consistent methods to identify and verify a consumer before replacing the card number with a token, and a common standard for merchants to offer contactless, online and digital transactions. These methods provide a path for further cooperation, Matan said.

There have been dozens of public and private efforts to create federated identity over the years through groups such as the National Institute of Standards and Technology, Liberty Alliance, Concordia Project, Data Portability Project, the Information Card Foundation, the Internet Society, OpenLiberty.org and XDI.org. Their efforts have usually stalled because of competitive pressures.

What's different with mobile payments is the need to make the apps easy to access and use in order to achieve uptake, Matan said.

The technology investment that comes with the U.S. migration to EMV-chip payment cards will also include new mobile and authentication techniques, enabling cooperation on standards and technology development. "It's an opportunity for a lot of investment to happen at the same time," he said.

While mobile payment developments have been marked thus far by heated competition, there has been fast progress toward common ground, Matan said.

"If you think about it, just two years ago it was hard for everybody to get the SIM card model working efficiently," Matan said. "Now we're seeing all sorts of solutions coming out that can work together."

One of the keys to that has been the quick growth of host card emulation (HCE), which is a more device-agnostic form of Near Field Communication, Matan said.

Visa and MasterCard support HCE, and Amex recently unveiled its own specifications to support HCE and tokenization.

"HCE gives issuers a lot more options in how they offer mobile to their consumers," Matan said.

The FIDO Alliance, which includes Discover, MasterCard and Visa as board members, on Dec. 9 released specifications for authentication systems that could someday eliminate the need for passwords.

A common mobile authentication standard will take a lot of work, though it is possible, said Thad Peterson, a senior analyst at Aite Group, adding EMV and NFC need to be fully implemented, as well as full acceptance of tokenization.

"There is a great deal of work to be done in creating a secure and stable payment ecosystem before a ubiquitous mobile proximity payment experience can be delivered," Peterson said. "We took a giant step in the right direction with Apple adopting NFC and issuer tokenization, but it's the first step in a very long journey."

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry