Mobile payments 08 May 2019

What is payment tokenization?

This new payment method replaces sensitive debit or credit card data with a unique identification code called a ‘token,’ which is used during a digital transaction. Online transactions are therefore more secure because the customer’s actual card data no longer needs to be provided. BBVA has already committed to helping its customers adopt this new payment approach.

Teresa Alameda (BBVA Creative)

Over the course of the last decade, new digital channels and ways of making online purchases have grown in popularity: whether using the mobile applications of the digital giants – Apple Pay, Google Pay, and Samsung Pay – or banking applications like BBVA's, or paying businesses directly through their own websites or applications.

The use of these new kinds of digital payment vehicles continues to grow across the globe. It is estimated that in 2019, some 2.1 billion consumers worldwide will use a digital wallet, a 30 percent increase compared to 2017, according to Braintree’s 2018 Global Payments Report. Statista estimates that e-commerce will account for the movement of $4.8 billion globally in 2021.

This rapid emergence of payment systems in the digital world has been accompanied by the appearance of new methods of protecting customer data. One of the most recent is tokenization, an approach that converts the customer's primary account (or card) number (PAN) into a numeric code that is used in place of the real PAN during a transaction. Thus, the customer’s real data is protected during the online transaction, preventing its interception and illegitimate use. The token acts like a digital decoy, substituting the customer’s real data and moving between the platforms and online payment networks in order to successfully complete the transaction while the customer’s real data remains secure.

This code that replaces the PAN – called the token – is unique and can only be used within the platform or device that has generated it. Furthermore, tokens are irreversible – meaning they cannot be reconverted into the original, real data – so an intercepted token has no value and would not permit purchases to be made in the customer's name.

BBVA and the payment methods of the future

BBVA is already prepared for this new approach and is developing a platform that enables tokenization in its apps. This platform will also facilitate connecting BBVA cards to third-party apps like Apple Pay, Google Pay, and Samsung Pay, as well as with other e-commerce platforms.

In the future, BBVA wants to provide its customers total control over their tokens on any platform or via any digital payment method, whether they be virtual wallets, wearables, or devices connected to the Internet of things.

How does it work?

The codes are generated by companies like Visa and Mastercard, which act like token providers (TSPs or token service providers), and they provide the tokens to mobile payment or e-commerce platforms so that they can be used during transactions instead of the customer's credit card details.

So, when users enter their card details into a virtual wallet like Google Pay or Apple Pay, these platforms ask one of these TSPs for a token; the TSPs will first have to request verification of the data from the customer's bank. When the data has been verified, a code is generated and sent to the user’s device. Once the unique numeric code has been generated, it remains irreversibly linked to the customer's device and cannot be replaced. Thus, each time a customer uses his or her device to make a payment, the platform will be able to authorize the transaction by simply sharing the code (token), without having to reveal the customer's true data.
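
The flow described above, as an added Python sketch that is not code from BBVA or from any token service provider: the wallet requests a token, the TSP has the bank verify the card, and the resulting token only works from the device it was issued to. The class names, the plain device-identifier check, the random-digit token and the sample card number are assumptions made for illustration.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample card number, not a real account


class Issuer:
    """Hypothetical stand-in for the customer's bank, which verifies card data."""

    def __init__(self, cards):
        self._cards = set(cards)  # (pan, expiry) pairs the bank recognises

    def verify(self, pan, expiry):
        return (pan, expiry) in self._cards


class TokenServiceProvider:
    """Hypothetical TSP: issues tokens and keeps the only token-to-PAN mapping."""

    def __init__(self, issuer):
        self._issuer = issuer
        self._vault = {}  # token -> (pan, device_id); never leaves the TSP

    def provision(self, pan, expiry, device_id):
        # The TSP asks the bank to verify the card before any token is created.
        if not self._issuer.verify(pan, expiry):
            raise PermissionError("issuer did not verify the card data")
        # Assumption: the token is random digits, so it reveals nothing about the PAN.
        token = pan
        while token == pan or token in self._vault:
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
        self._vault[token] = (pan, device_id)
        return token

    def authorize(self, token, device_id):
        """Return (approved, reason); wallet and merchant only ever handle the token."""
        entry = self._vault.get(token)
        if entry is None:
            return False, "unknown token"
        _pan, bound_device = entry
        if not secrets.compare_digest(device_id, bound_device):
            return False, "token presented from a different device"
        return True, "approved"


if __name__ == "__main__":
    tsp = TokenServiceProvider(Issuer({(TEST_PAN, "12/30")}))
    tok = tsp.provision(TEST_PAN, "12/30", "phone-A")
    print(tok, tsp.authorize(tok, "phone-A"), tsp.authorize(tok, "phone-B"))
```

A token copied off the wire and replayed from another device is declined, and nothing in the token itself leads back to the card number; only the TSP's vault holds that link.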

Tokens can be generated to safeguard payments in any kind of mobile virtual wallet, such as Apple Pay, Google Pay, Samsung Pay, and banking applications like BBVA’s, in addition to paying in physical stores and online with vendors or service suppliers like Amazon or Netflix.

There are more and more platforms that are adopting this approach to securely storing customer data, and in the near future it will also be used to safeguard payments made via devices connected to the Internet of things, including wearables.