When Apple unveiled Apple Pay last year, its security features were generally considered the most exciting aspect of the product. Apples integration of tokenization was widely lauded as a major step forward for mobile payments.
While tokenization does represent progress, it is important to consider whether tokenization is, in fact, enough to secure online payments. There are some vulnerabilities, and as cyber thieves grow more sophisticated, companies will have to continue to innovate better security solutions, as well as ensure the ones that are on the market are being used as effectively as possible.
Tokenization is basically a safer way to send sensitive data, including card account numbers. It works by creating a random, unique number that represents actual data. This proxy or nonsensitive information, known as a token, is sent to the cloud for processing and storage. As a result, the sensitive data is protected both in-transit and at-rest. If hackers managed to break into the system, all they would find are meaningless tokens.
Tokenization significantly limits exposure of sensitive data by keeping it in control of the bank or processor at all times. This means that merchants dont have to handle sensitive and regulated data, or worry about protecting it. It also enables more rigorous identification features, such as a fingertip or picture of your face (as opposed to a pin number or signature).
Some will argue that this isn't enough. Tokenization can include a number of vulnerabilities, unless certain measures are taken to ensure that the systems are truly secure. One potential problem is with network segmentation. To be completely safe, the tokenization system must be separated from the data processing system. This prevents potential thieves from stealing the algorithm that can be used to detokenize. Your iPhone does this with your fingerprint. The actual print data is processed on an isolated chip, which is separated from the rest of the internal components, and a token is used for all data transmission.
Other potential problems exist with token generation. As mentioned above, tokens are generated to as a proxy for sensitive data. As a result, it must be impossible for hackers to recover the original PAN (Personal Account Number) from the token. They must be generated using a strong cryptographic algorithm or one-way irreversible function.
In addition, tokens are most often used today as alternate PANs. The token is essentially recycled. This means that if the isolated token system is ever compromised, the 'alternate PANs' are as good as the real number.
One solution to this problem is dynamically issuing tokens for one-time use and requiring a second form of authentication. For example, lets say Apple servers notice a ton of abnormal activity on your iPhone account. Its security system could take action, invalidate the current tokens, and issue new tokens after youve responded a text, answered a security question, etc.
Tokenization protects sensitive data when it is in transit or being stored, but that will not necessarily protect data that is stored on a users individual device. On-device management is also important.
Another challenge is that there are still not enough standards surrounding tokenization. A report from the Mobile Payments Industry Workgroup, convened by the Federal Reserve Banks of Boston and Atlanta, said that the variety of tokenization models can cause confusion and potentially lead to conflicting token implementations.
Andy Zichek is director of product management for 2checkout.