Tokenization is the security process that most recently unlocked the mobile payments market, but the concept can be expanded.
All the major "OEM Pays" (Apple Pay, Samsung Pay, etc.) use the technology to secure the transmission of payment data between device and terminal. The process itself, however, of replacing sensitive data with unique identifiers that retain the essential information but don’t compromise security can, in theory, be applied to any kind of transaction, from bank details, to health records, ID numbers, even to the idea of money itself.
The central idea is this: When tokenized, unlawfully intercepted payment authorization data is rendered valueless because it simply isn’t there; it is replaced by a token. This means the data can, in effect, hide in plain sight.
A "smart" token takes this idea a step further. It’s a regular token on steroids. It transmits the value and all the information needed to authorize the transaction together, in one go, including enhanced counterpart identity, transaction and invoicing data.
It consists of three layers: an asset, a set of rules and a state. Let’s break it down.
An asset is the source of value. Think of it as the "center" of the smart token. Typically, it’s a bank account, such as your current or savings account.
Surrounding this asset are a number of rules. These rules, which can be programmed by the issuer, dictate who can access the asset, at what time, for what purpose and under what set of circumstances.
Imagine you’re buying a TV from Amazon. When you hit "buy," your bank sends a smart token to Amazon, which has the following rules: a 1,000-euro payment limit and a two-week expiry date. In another transaction, the smart token issued in relation to the same asset (your bank account) could have completely different rules. If you’re buying a series of weekly Pilates classes, the token may have a six-month duration, enabling your gym to regularly draw down on that token as each class takes place.
That is the great thing about rules. They are the flexible layer that allow smart tokens to create an almost infinite number of unique and secure digital payment types at a fraction of the cost of today’s conventional payments infrastructure. Any existing payment method you can currently imagine, such as cash, credit card, checks and gift cards, can be emulated by a smart token, thanks to the rules. This is the flexibility that opens the door for banks.
Finally, a smart token has a state. This is the part of the token that tracks the value of the token according to its rules. After three months of Pilates classes, it’s the state that will record that 50% of your payments have been made. The combination of asset, rules and state combine to provide banks with the power to tear up the rulebook and perform transactions faster and at a vastly reduced cost, without relying on third parties to validate the payment.