View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Analysis
July 3, 2018

Tokenisation: next-generation payment security

By Briony Richter

The drive for faster payments, although necessary, raises concerns about how to properly combat fraud in the financial sector. David Worthington, vice-president of payments at Rambus, speaks to Briony Richter about the launch of Payment Account Tokenisation

Rambus’s Payment Account Tokenisation software will enable banks and clearing houses worldwide to protect account-based transactions such as ACH and real-time payments.

The purpose of this software is to tackle fraud more effectively and quickly. Tokenisation replaces sensitive information like card details and numbers into randomly generated values called tokens. In other words, every time a credit card number of a customer is stored in a database, the system transforms it into a unique – and indecipherable – combination of characters.

David Worthington believes tokenisation is far more secure than platforms within banks today: “For real-time payments systems, like Faster Payments in the UK, tokenisation provides another layer of validation to complement existing fraud management infrastructure. The process replaces account numbers with tokens to stop underlying account information being exposed to fraudsters,” he explains.

“Each account number can be linked to multiple tokens, each representing a different relationship, and domain controls can be applied to each to enforce those relationships. For example, this means that taxes can only be paid into a government account or bills can only be routed to a service company.

He continues: “In our ‘faster’ world, tokenisation fits perfectly as central banks and clearing houses no longer have time to do the slower legacy batch and manual checking.”

Over 35 countries have real-time payments systems being implemented or in operation, so the need for more secure and quicker payments is becoming critical for operational efficiency. However, banks and clearing houses are concerned that faster payments will lead to faster fraud.

Globally, the trend for faster payments is growing significantly, Worthington notes that with the rapid increase in fraud, it is critical that financial institutions adopt tokenisation.

“Real-time is a global trend – one that has triggered a more urgent need for tokenisation to replace some of the slower fraud checking mechanisms. Equally, though, classic file-based ACH will continue and fraud is still a big problem.

“Tokenisation is a mechanism that can both mitigate fraud across all account-based payments and enable innovation in areas like P2P payments and secure corporate purchasing systems.”

Although it will mean that banks and clearing houses will have to replace old systems and transaction processes, Worthington insists that it is a seamless process, making fraud significantly easier to reduce.

“Tokenisation is a non-intrusive and low-impact addition to the account-based payment ecosystem as tokens can be routed through the existing infrastructure and can be validated in the same way as standard account numbers.”

Consumers and business can rest easy as they can send and receive transactions in the same way they have always done. Worthington also highlights that the system has already proved successful in mitigating fraud in other areas of financial services, and is now secure and ready to conduct the same measures for account-based transactions.

Tokenisation seems to provide a seamless and secure environment for banks and clearing houses to conduct recurring payments.

Asked about hurdles in developing the system, Worthington says: “That’s an interesting one. While there are standards for things like message formats, there is no global standards body for account-to-account transactions. This means there are multiple formats for account numbers; so whilst there is IBAN, many countries have their own domestic account number formats.”

He adds: “This needed consideration to ensure that our existing tokenisation components could be easily configured to meet the needs of every central bank and clearing house worldwide.”

However, for Worthington and the Rambus team, it has been a worthwhile experience with long-term benefits for the financial companies using it. Commenting the highlights, Worthington states: “For me, a couple of things stand out. Firstly, it is great to see how tokenisation has been enhanced for the account-based ecosystem. For example, with account numbers to protect on both sides – payer and payee – it can add even more value than it has in protecting card credentials.

“We’re also now seeing greater recognition of the potential of tokenisation. We’ve had existing customers and other central banks coming to us to discuss how tokenisation could be applied to their domains on the back of its success in the mobile and online world, and now it is a reality.”

By implementing tokenisation, financial institutions can significantly improve data security and mitigate the risks of data breaches.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Electronic Payments International