In addition, the digital ticketing portfolio and expertise from Rambus will complement Visa’s efforts in transport. Visa is committed to delivering transit and urban mobility solutions to public transit operators, technology partners and cities around the world, with nearly 250 transit projects underway, helping millions of people get where they are going faster and easier than ever before.

TS Anil, SVP, global head of payment products and platforms, Visa commented: “Facilitating safer, more secure digital transactions is core to Visa’s brand promise and central to growing electronic payments for everyone, everywhere. As the way people and businesses pay and get paid continues to evolve, the addition of Rambus’ technology will allow us to deliver greater security beyond the card to support more transactions, payments systems and participants. Going forward, we will apply these expanded capabilities, expertise and scale to help further all forms of global commerce.”

Jerome Nadel, SVP/GM, payments and ticketing and CMO, Rambus said: “Rambus Payments and Ticketing solutions are at the forefront of tokenization technology. Joining forces with Visa as a payments leader will allow the group to scale technology and capabilities to deliver new products and services to the market, while continuing to partner with existing customers.”

View the press release here.

The concept of tokenization is not a new one in the payments industry. Solutions that replace sensitive data with a non-sensitive equivalent have been around for years in various forms.

But as the digital payments ecosystem continues to expand, it is becoming increasingly apparent that ‘payment tokenization’ solutions, such as network tokenization, can address the urgent need for increased security and reduced complexity, while promoting enhanced consumer experiences.

A short history of tokenization in the payments industry

Tokenization solutions can be broadly divided into two categories: security tokenization and payment tokenization.

Security tokenization (also known as acquirer tokenization or non-payment tokenization) approaches have traditionally been used to protect cardholder data and personally identifiable information (PII) stored in merchant databases. This is needed to enable popular consumer payment methods such as recurring billing and one-click ordering.

In comparison, PCI tokens are security tokens that comply with PCI guidelines to meet PCI DSS standards.

The publication of EMVCo’s EMV®* Payment Tokenization Specification – Technical Framework in 2014 marked the introduction of ‘payment tokenization’ to the ecosystem, and was followed by anupdate in 2017. The aim? To enhance the underlying security of digital payments by replacing primary account numbers (PANs) with unique EMV payment tokens. Network tokenization is a type of payment tokenization where the payment network plays the role of the token service provider (TSP)to generate tokens.

Although EMV payment tokenization found immediate success in securing in-store mobile contactless payments, Consult Hyperionpredicts that it is online payments that will deliver ‘the real volume’. The question is, what differentiates network tokenization from security tokenization?

Delivering end-to-end security  

Proprietary security tokens are designed to protect sensitive information when it is ‘at rest’ within a merchant’s database after a transaction has been completed, reducing the risk and impact of a data breach.

The problem is, sensitive data is vulnerable throughout the entire payment processing chain. Not just at rest.

Neither proprietary or PCI tokens protect the consumer data while in transit or in use, introducing opportunities for fraudsters to hijack data through phishing attacks, malware and more. The rapid growth in card-not-present (CNP) fraud, despite ever-increasing investment in fraud protection, demonstrates a more fundamental, holistic approach to payment security is needed.

Below are three ways in which network tokenization can help meet those needs:

1. Securing data in transit– The main benefit of network tokenization is that card details are protected throughout the entire transaction lifecycle.
2. Domain controls– Network tokens can be restricted in their usage, for example, to a specific device, merchant, transaction type or channel.With the proliferation of new payment methods, such as online, IoT and voice, the ability to limit and control how network tokens can be used is key to preventing cross-channel fraud.
3. Reducing false declines – Since network tokenization protects card details throughout the entire transition lifecycle, issuers treat network tokenized payments as inherently more secure than non-network tokens. This can deliver numerous benefits downstream and address key pain points for merchants, by limiting fraud prevention spend, increasing approval rates and reducing false declines.

This trio of benefits are not the beginning, middle and end, however… there’s more.

4. Bridging the interoperability gap

As well as escalating security challenges, merchants must also deal with spiralling complexity.

Security tokens are limited to specific relationships, such as between a single acquirer and merchant. As the digital payments ecosystem expands, the burden of managing different proprietary tokens from multiple acquirers, payment service providers (PSPs) and gateways will become increasingly challenging.

The good news is that network tokens are globally interoperable across multiple acquirers and gateways. With the growth of omnichannel retail, consistency across different acceptance environments is a significant value-add.

We must also consider the backend impact. Security tokens are not formatted as routable PANs, so cannot be accepted as a like-for-like ‘replacement’. Network tokens are in the same format as a regular PAN, so can be accepted and routed along the normal payment rails without impacting the existing merchant systems.

1. Enabling value-added services

Hampered innovation is one of the hidden costs of fraud. Merchants want to spend their time, effort and resource on better consumer experiences, not tackling fraud.

It is true that security tokens can be effective in specific scenarios. Network tokenization offers more than just security, however, and can also be utilized to enhance the buying experience.

Digital card art to increase brand recognition, the ability to instantly refreshed card details, push provisioning to enable consumers to keep track of where and when their payment credentials are being used. All these features complement the security proposition to increase convenience and reduce friction.

Network tokenization versus security tokenization?

Although often referenced interchangeably, it is apparent that security tokenization and payment tokenization solutions (such as network tokenization) are very different propositions. Both are effective solutions for their defined purposes, but we should look to network tokenization as a foundational technology enabling secure, simple digital commerce through end-to-end security, global interoperability across different acceptance environments and value-added services.

For more information on network tokenization, visit the Rambus Payments Resource Library.

* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

With retailers expected to lose $130 billion to online fraud over the next five years, there is increasingly urgent demand for tighter solutions and greater protection for both consumers and digital commerce merchants.

But in the scramble to combat fraudulent activity, the industry has created an arguably greater challenge – false declines.

What is a false decline?

Around two billion card not present (CNP) purchases are declined each year, and transaction approval ratesfor digital transactions stand at around 85%, compared to 97% for in-store transactions.

This is not necessarily a bad thing, as cards are often declined due to the cardholder having reached their spending limit. Similarly, other transactions are declined when a fraudster is accurately detected.

The problem comes when a genuine customer within their spending limit tries to make a purchase…and still gets declined. This is known as a ‘false decline’ (or sometimes as a ‘false positive’). We know that false declines are a big problem, with US e-commerce merchants losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.

And the true cost of false declines goes beyond the initial sale. We also need to consider the wasted cost of acquiring the customer (through advertising and promotions), as well as the lost lifetime value of a potentially loyal customer.

What causes false declines?

If you are a consumer, the answer is probably ‘I don’t know’. To protect privacy and to prevent fraudsters trying to reverse-engineer the fraud logic, error messages explaining why a transaction has been declined are often deliberately vague. This compounds frustration, particularly when it is a loyal customer that is rejected.

Often the causes of false declines fall into two main categories: identity and structural.

Identity-related false declines are often caused by something very simple, such as a mismatched billing and shipping address or outdated card information. Outdated card information is a particular challenge for merchants where consumers make infrequent, high-value purchases (such as airlines). For example, a survey found that for one airline, over half of all declines were due to an incorrect expiry date or CVV2 code.

Separately, ‘structural’ false declines typically account for around 40% – 60% of rejected purchases, and are caused by the measures and parameters put in place by fraud management software. By being overzealous with their fraud prevention, merchants run the risk of creating too much friction, resulting in unhappy customers and lost sales. Equally, playing fast and loose increases the threat of genuine fraud as well, which can be equally as damaging.

Can network tokenization reduce false declines?

With network tokenization, the payment networks replace a primary account number (PAN) with a unique EMV®* payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.

Network tokenization reduces the risk and impact of genuine fraud by protecting card details throughout the entire transaction lifecycle.

But it can also reduce instances of false positives. Merchants that took part in network tokenization pilots conducted by payment networks have reportedly stated a false decline reduction between 5-8%.

As card details are automatically updated and refreshed, for example, the chance of outdated or mismatched data triggering an identity-based false decline on the system is limited.

Also, tokenized transactions are viewed as inherently more secure so are less likely to be classed as risky enough to be declined. The trust and confidence delivered by the end-to-end security proposition of network tokenization enables merchants to relax overly-stringent fraud controls and assume that a transaction is legitimate, without declaring open season for fraudsters.

A foundation of online commerce 

Given the scale and immediacy of the false decline challenge, advances are undoubtedly being made to improve security techniques and enable more intelligent risk decisioning.

Yet, ever-increasing fraud prevention spending is failing to contain an escalating problem. It is clear, therefore, that a foundation of secure trust is needed. This is where network tokenization comes to the fore, enabling merchants to strike the balance between security and convenience.

For more information on network tokenization, visit the Rambus Payments Resource Library.

* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

We are seeing an unprecedented shift in consumer spending habits. One in five global transactions are now ‘digital’, with online commerce growing at over six times the rate of in-store sales. But this rapid growth is introducing new challenges. Fraud is rising, yet merchants are under pressure to deliver the seamless payment experiences that consumers increasingly demand.

Network tokenization is one of many technologies that online merchants are turning to in a bid to strike the right balance between high security and a frictionless buying experience.

Yet, we should not think of network tokenization as an optional add-on. Rather, it is a foundational technology enabling secure, simple digital commerce.

What is network tokenization?

With network tokenization, the payment networks replace a primary account number (PAN) with a unique EMV®* payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.

The question is, how is network tokenization different to existing third-party proprietary tokens?

The main (and crucial) difference is that network tokenization ensures that card details are protected throughout the entire transaction lifecycle. Non-network tokens don’t offer this end-to-end security, introducing weaknesses at various points for fraudsters to exploit.

Network tokenization also introduces improved credential lifecycle management to keep card details current, whereas proprietary tokens do not always have issuer permission to access and manage the underlying account data.

Finally, network tokenization opens opportunities for new, enhanced buying experiences across existing and emerging channels.

What are the benefits of network tokenization for online commerce?

To fully appreciate the unique value that network tokens bring to the payments ecosystem, we need to understand how they can address the key pain points for e-commerce merchants.

• Reducing the cost of fraud

We can’t get away from it. Online commerce has a fraud problem.

E-commerce fraud is growing twice as fast as e-commerce sales, with retailers set to lose$130 billion between 2018 and 2023.

We should not be surprised that one in two US merchants see fraud prevention as ‘an increasingly challenging task’. They are already spending$3.48 to combat every dollar of fraud (and this is set to rise with the global cost of fraud prevention increasing by 4% year-on-year).

And yet, the fraud rates keep on climbing. In a hyper-competitive industry where every cent counts, blindly throwing money at a problem is not a sustainable strategy.

The end-to-end security proposition of network tokenization significantly reduces the risk, and mitigates the impact, of malware, phishing attacks and data breaches. Put simply, tokenized card data is useless if stolen and for this reason, network tokenization should be the foundation on which a layered fraud management approach is built.

• Combatting false declines

Given the scale of the fraud challenge, merchants and issuers are understandably adopting a cautious approach. Transaction approval ratesfor digital transactions stand at around 85%, compared to 97% for in-store transactions.

This leads to a high prevalence of ‘false declines’, where a valid transaction from an authorized cardholder is rejected by the merchant. Often the cause is something simple, such as an outdated billing address, but the results can be incredibly damaging.

Globally, false declines cost merchants $331 billion. 66% of consumers stop shopping with a retailer after a false decline. Unnecessary declines outstrip actual fraud 13 times over. Most tellingly, US e-commerce merchants are losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.

Network tokens can increase approval rates to reduce instances of false declines. This is because card details are automatically updated and refreshed, making it less likely for an erroneous data point to raise a red flag. Also, tokenized transactions are inherently more secure so less likely to be viewed as risky.

• Enhancing the checkout experience

Despite the huge challenges posed by rising fraud, it is telling that 91% of merchantsidentify ‘minimizing the amount of friction introduced into the user experience’ as the main priority when evaluating their approach to securing payments.

Introducing additional friction into the checkout process, then, is a no-go. But as network tokenization reduces the value of the underlying sensitive data, it adds an invisible layer of security.

We must also remember that merchants want to focus on payment innovation, not fraud prevention. Network tokenization is more than just a security play, and can be used to enhance the buying experience.

For example, it enables consumers to see a fully branded card when checking out, rather than a mish-mash of starred credentials and the final four digits. This boosts recognition, familiarity and engagement.

It also enables payment details to be instantly refreshed when a card is lost, stolen or expires. Better still, it can enable consumers to keep track of where and when their payment credentials are being used. For example, card details could easily be push provisioned to merchant apps.

What is the industry roadmap for network tokenization?

Given the clear benefits, we are already seeing strong momentum for network tokenization for card-on-file transactions. And with EMV® Secure Remote Commerce poised to debut in 2019, we can expect to see network tokenization extend to ‘guest checkout’ experiences.

There are options available for merchants and payment service providers (PSPs) looking to implement network tokenization solutions. For those with significant strategic resource, time and technical capacity, direct integration with the payment systems is an option.

Alternatively, for those looking to move quickly, qualified technology partners offer a fast-track to the immediate benefits of network tokenization (without the potential integration headaches).

For more information on network tokenization, visit the Rambus Payments Resource Library.

* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

The rapid expansion of the cryptocurrency ecosystem demonstrates the power of the blockchain to revolutionize financial services and beyond. Yet at the same time, the inherent volatility provides a cautionary tale.

With blockchain implementations gaining traction, it is clear that a new approach is required to enhance the security and usability of crypto and digital assets. But how can this be achieved?

A token gesture or real security?

Tokenization is a trusted, proven technology already used to secure billions of payments in-store and online.

The good news is that this process can be applied to crypto assets.

By replacing sensitive credentials – such as the private keys for blockchain and cryptocurrency – with a unique token that can restrict use to a particular device or channel, tokenization mitigates fraud risk and protects the underlying value of credentials.

This is because tokens cannot be used by a third party to conduct transactions if intercepted, adding a layer of frictionless security that complements the immutability of the blockchain.

Two signatures are better than one

Employing multiple signature is another way to enhance security, through the introduction of additional distributed keys for recovery and authentication.

In practice, this requires at least two signatures to confirm a transaction, increasing security and preventing fraud. It also allows consumers to safely recover their public or private key if it is lost.

Importantly, as this approach still relies on the use of original keys that are vulnerable to attack, multi-signature functionality is only truly effective when combined with tokenization technology to ensure vulnerable original keys are protected if attacked.

Hard to hack ≠hard to access

Until recently, the storage of crypto assets fell into one of two categories – hot and cold wallets.

Hot wallets are online storage services provided by exchanges, for example. Cold wallets are offline storage options and can range from USB devices to pieces of paper.

Both options have their problems. Hot wallets are constantly connected to the internet, meaning the vulnerable private keys are susceptible to attack from hackers and fraudsters. Cold wallets, while secure from hackers, limit the usability of cryptocurrencies. What’s more, if it is misplaced, or the hard drive corrupted, access to an asset will be irrevocably lost.

Given these challenges, it is apparent that there is a need to combine the security benefits of offline cold wallets with the convenience of an online wallet.

Segregated wallets fulfil this need by enhancing cold wallets with an additional security layer. When a user wants to access their asset, they can do so via a two-factor authentication protocol, which instantly makes their cold wallet warm. And by securing the asset in a cold environment, it cannot be hacked.

Usability – it’s the way forward

The usability problem for cryptocurrencies goes beyond just storage. The process of buying and selling is needlessly complex for novices and experts alike. From a security perspective, unfamiliar platforms and websites are an easy target for fraudsters.

But with many consumers now using online and mobile banking, there is a huge opportunity to incorporate blockchain solutions into the everyday experience. This will enable consumers to simply and securely access, trade and own multiple cryptocurrencies within a familiar environment.

A secure, convenient future for blockchain implementations

For a technology to be truly transformative, a secure foundation of trust and transparency is needed. Solutions that enable the secure storage and transfer of crypto assets, while democratizing access and improving the user experience, have the potential to enable this powerful technology to reach its full potential.

Interested in learning more about securing crypto assets on the blockchain? Download the Rambus eBook series now.

For anyone attending Mobile World Congress last week, they have no doubt gone to bed dreaming of 5G networks and foldable smartphones. But dig a little deeper, and there was a lot more up for discussion (honestly). As always, the show offered insight into the big trends that really matter across payments and commerce.

Securing IoT commerce

Following MWC last year, it was clear that the rapid growth of online and IoT payments was hugely exciting, but potentially an open goal for hackers. This has proved to be the case, with retailers expected to lose $130 billion through card-not-present fraud over the next five years.

Payment tokenization has already been hugely successful in securing in-store mobile payments. But with in-store just one piece of an ever-expanding payments puzzle, there was a clear need to move towards a fully tokenized digital payments ecosystem.

It has been a long-time coming, but it feels like momentum is now building. Players recognize the critical importance of bolstering the security of online commerce and enabling popular payment methods such as one-click ordering and recurring payments, without adding any additional friction into the buying experience. This is what tokenization delivers.

Importantly, tokenization technology is resonating with consumers who are increasingly focused on security and privacy. A Mastercard study found social conversations on tokenization, and the foundational role it plays in securing payments, reached a potential audience of over 11 million people.  Could we be moving towards an end-game where consumers demand tokenization? Let’s hope so.

Tokenization, together

But as connected commerce becomes ever more complex, ecosystem participants need to work closely to effectively deliver the trust and convenience that consumers demand.

Strategies that enable merchants and payment service providers to streamline their tokenization initiatives to reap the benefits of advanced security and an enhanced customer experience were up for discussion on the show floor.

Partnerships are key to these strategies. Mastercard, for example, spoke of the power of partnerships and trusted relationships. Visa also discussed the importance of collaboration as we enter a ‘new era in money’.

This ability to come together is more important and valuable than ever, particularly as the power of tokenization technology moves beyond card-based payments and into new areas such as account-based transactions, cryptocurrencies and digital identity.

Living in a material world

Despite the buzz surrounding online commerce, it was clear that physical payments are not going anywhere.

The headline grabbing news came from Spain’s Banco Sabadell, who demonstrated a live payment using an NFC chip embedded in the finger of a (lucky?) volunteer. Will biohacking prove to be the next big thing in payments? Stranger things have happened in the world of tech, but growing demand for wearable payments suggest that consumers are opting for slightly less extreme measures. For now.

More broadly, it was clear that the industry is thinking bigger when it comes to the in-store journey.

In-store commerce is not about a single form factor. Whether it be through a smartphone or a wearable (or yes, an implantable chip), what really matters in the omnichannel era is delivering added-value and convenience to consumers as part of an enhanced experience. Platforms like mobile wallets, which help deliver this flexibility, should be a strategic focus.

Is trust coming back to crypto?

In other emerging payments news, Samsung launched the Galaxy S10 with a pre-loaded cold-storage wallet to enable users to store cryptocurrencies including bitcoin and Ethereum.  After a rocky ride in 2018 (during which $1 billion was stolen from exchanges) , this could well prove a much-needed step in the right direction in ‘normalizing’ the storage and use of cryptocurrencies to build consumer confidence and familiarity.

Of course, there is still much work to be done. Solutions that enable the secure storage and transfer of crypto assets, while democratizing access and improving the user experience, have the power to enable cryptocurrencies and other blockchain solutions to realize their enormous potential.

From imagination to implementation

MWC is a show traditionally defined by devices. And this year, they all seemed to be 5G-enabled and fold in half.

For the payments industry, the aim is to keep pace with this innovation and deliver simple, secure and seamless payments across all devices and channels. The implementation strategies, ecosystem participation and partnership models required to do so are complex, but it was clear to see that we are moving firmly in the right direction.

By Andre Stoorvogel, Rambus

It is hard not to become desensitized to the almost daily news of data breaches. Back in September, WIRED assessed 16 of the most high-profile hacks of 2018 and payment data was a common theme in many of them. Sure, identity theft is appealing to fraudsters, but the end game is nearly always financial gain so lifting payments data is a far more direct path to a payoff.

This trend is borne out in the data. According to PYMNTS’ Global Fraud Report, e-commerce fraud likely cost the industry $58 billion worldwide last year, with CNP fraud up 106% year-on-year. Javelin Strategy also highlighted that CNP fraud is now “81% more likely than point-of-sale fraud.” So, what can be done?

Criminals’ eyes on a (boring) prize

If we take it as a truism that hackers will find a way behind firewalls, onto servers and into databases, we need to make the potential prize less appealing.

There has been a lot of talk about EMV® Secure Remote Commerce, card/credential-on-file network tokenization and more as ‘new’ ways to protect data. But not all of these concepts are new.

While network tokenization is now being used in different ways, it is not a new technology. It has been hugely successful in protecting in-store mobile payments and it is now being touted as another layer of security for e- and m-commerce fraud. What many people don’t realize, though, is that card-on-file network tokenization does not only apply to newly enrolled cards. Existing card-on-file databases can be fully migrated to network tokenization and processed to ensure that the benefits extend to merchants’ full operations.

Network tokenization means merchants only store payment tokens in their database rather than actual card numbers. This delivers various security benefits to the digital commerce ecosystem by reducing the risk and mitigating the impact of malware, phishing attacks and data breaches. Essentially, merchants can make their entire card-on-file database unappealing to fraudsters overnight. Of course, hackers may still try to get in, but by tokenizing cardholder and card data, the information taken is largely useless. So, hackers will simply need to go elsewhere for their ill-gotten gains.

Moving beyond PCI tokenization

It is worth quickly clarifying that network tokenization is different to PCI tokenization, which most merchants will already be familiar with. Where PCI tokenization only tokenizes card data in the database, network tokens travel through the whole transaction, meaning that the exposure of the original PAN is reduced to a minimum, making fraud much less likely.

Get ahead of the curve

Hacking, malware, phishing…online retailers must accept these as a reality of doing business in our digital world. They should not lose heart, though. Tokenization fits seamlessly into their current infrastructure and payment processing flows without impacting (and even enhancing!) the buying experience, it just makes the data they store infinitely less interesting to hackers. And that’s all of the payment data, not just newly enrolled cards. One important thing to note, tokenization is looking to become a requirement for e- and m-commerce merchants so getting ahead of the curve now will pay dividends in the future.

Overall, this is a technology that lets merchants focus more resource on what they do best, serving customers.

For more information on tokenization can help you protect card-on-file data in the fight against CNP fraud, download the Rambus eBook.

According to this year’s World Payments Report, compiled by Capgemini and BNP Paribas, the global volumes of non-cash transaction volumes grew by 10.1%, reaching 482.6 billion between 2015 and 2016. In addition, McKinsey’s recent Global Payments 2018report highlighted an 11% growth generated by payments, which topped $1.9 trillion in global revenue.

A thread that runs through both reports, which helps to explain this combination of transition and growth, is real-time payments (RTP). How then are RTP – aka faster or instant payments – evolving around the globe?

Innovation in real-time payments

Many countries around the world are at various stages of implementing RTP, and challenges still remain.

In early October 2018, US Federal Reserve Governor Lael Brainardoutlined the organization’s commitment to addressing current systematic issues limiting the growth of RTP. Summing up the challenge faced in markets around the world, she said, “faster payment innovations are striving to keep up with this demand, but gaps in the underlying infrastructure pose challenges associated with safety, efficiency, and accessibility.”

As a result, Brainard added, “we need an infrastructure that can support continued growth and innovation, with a goal of settlement on a 24/7 basis in real time.”

With established initiatives such as The Clearing House’s RTP system however, America is in a good position to accelerate adoption and implementation of faster payments.

Investment is not limited to America, though. Across the Atlantic, the TARGET instant payment settlement (TIPS) service has launched to increase the speed of euro payments in the European Union, settling payments in central bank money, irrespective of the opening hours of a user’s local bank.

In the Southern Hemisphere, it has now been a number of months since the launch of Australia’s New Payments Platform (NPP), and Reserve Bank of Australia Assistant Governor, Lindsay Boulton, has highlighted the government’s hesitancy to move services to the platform without it being firstly tested by industry. To encourage private sector interest in the scheme, a sandbox for developers to test APIs has been unveiled but there is clearly more work to be done.

But Capgemini is optimistic, expecting that NPP will drive non-cash transactions growth by not only enabling RTP, but also providing further value-added features.

Faster payments – faster fraud

These are just examples of two countries and global demand for faster payments is clearly going to grow. This growth, however, can provide the environment for increased fraud if new systems fail to learn from the problems experienced by previous implementations.

It is well known that where money goes, fraud follows. The ability to move funds quickly allows criminals to evade traditional checks like the identification of out-of-pattern activity, ACH block services and manual reviews.

There are various security approaches available to fight against fraud, but tokenization has already proved successful in protecting in-store and online card payments, with all the major payment systems, digital wallets and original equipment manufacturers adopting the technology.

By replacing unique sensitive information or data with a token, the risk associated with account-based fraud can be significantly reduced, fostering safe and secure RTP initiatives across the world.

Since the 1980s, momentum behind real-time payments (RTP) – also known as faster or instant payments – has grown at an accelerated pace, because of its benefit to both consumers and businesses. Estimates currently suggest approximately 35 countries, including Switzerland, Taiwan, India, China and the UK, have implemented or are developing RTP schemes.

With the European Central Bankalso suggesting that cash payments cost up to €65 billion across its 27 member-states (data predates the joining of Croatia in 2013),  the attraction of RTP becomes more evident.

But it can’t be that straight forward, can it?

Challenges facing RTP

In a word, no.  As where money goes, fraud follows. The ability to move money quickly allows criminals to circumvent traditional checks like the identification of out-of-pattern activity, ACH block services and manual reviews.

For example, manual reviews exist in a world where payments are governed by a three-day approach to clearance. Since RTP exists to execute transactions in seconds, this protocol has been made redundant. Fraudsters recognize this and are ready to exploit any vulnerabilities when RTP schemes go live.

All of this makes invoice, account-take-over and application fraud, that much easier.

Fraud from around the world

In 2008, ‘Faster Payments’ was launched in the UK. The objective of the scheme was to reduce payment times between different customer accounts, from three working days to typically a few hours. In the three years following the scheme’s introduction however, fraud tripled with a 132 percent spike in the first year alone.

Reasons for the rise include a combination of criminals being innovative, organized and prepared; and banks trying to play catch-up.

High levels of associated fraud are not restricted to the UK. In the USA, for example, PwC noted that some of its clients experienced a 90 percent fraud rate following the introduction of Zelle in 2017.

Mitigating the impact of fraud

Central banks and clearing houses must be proactive in mitigating the impact of fraud in-line with their adoption of RTP systems. To achieve this, they should consider payment account tokenization.

Tokenization is the process of replacing unique sensitive information or data with a non-sensitive equivalent, otherwise known as a token. As it cannot be used by fraudsters if stolen, it reduces the impact of data breaches and protects transactions, without consumers or businesses having to alter their behaviour.

Fundamentally, it removes the need to store the raw data of sensitive account information, reducing potential fraudulent returns.

What’s more, tokenization provides additional security for payments via set control parameters. If a token can only be used with a particular merchant, for a specific purpose, or has a set value limit; they become even less appealing to fraudsters.

Tokenization has already been successful in mitigating in-store and retail fraud and has been embraced by all major payment systems and digital wallets. These successes can be transferred to RTP schemes.

Faster and safer payments

As with any new payment initiative, there are going to be teething problems. RTP have experienced their fair share of fraud to date but by integrating tokens into the RTP process, banks can mitigate the impact of fraud, saving them money while protecting customer and business confidence.

And BIBD’s statement of “striving to be better” speaks volumes of its technology advances it’s made to protect its customers against online fraud or losses.

To further strengthen the security structure for its customers,  BIBD recently selected the Rambus Token Service Provider (TSP) as part of the bank’s mobile payment strategy to enable secure transactions to its customers.

The Rambus TSP helps secure the BIBD NEXGEN Mobile banking app.  This permits customers to digitize their cards and send payments, without revealing any sensitive payment information. The Rambus software platform replaces cardholders’ details with unique reference numbers to minimize the risk of fraud and the severity of data breaches. In this instance, unique payment tokens are worthless if stolen.

Rambus TSP generates temporary personal account numbers (PANs) or payment tokens.

As a modular platform, it combines tokenization with host card emulation (HCE) to allow payment issuers and processors to securely perform a wide range of payment process roles. Using HCE and tokenization, BIBD permits their cardholders to securely make payments using their mobile app.

To learn more about the Rambus Token Service provider solution, visit here.