Consumers are increasingly moving away from traditional card payments towards digital options such as mobile wallets. While mobile wallets have been in existence for a few years now, the security and convenience of this payment method are now extending beyond in-store payments into ecommerce and the Internet of Things (IoT).
Underpinning the seamless user experience offered by mobile wallets is a process known as tokenization. Payment tokenization is a security technology standardized by EMVCo, based on a set of technical requirements that enable sensitive card information to be replaced with a unique digital identifier called a token.
These tokens are only valid in a set context, unique to the device they reside in. No card details are exposed, and the tokens are useless outside of the specific circumstances in which they were intended to be used.
So how does payment tokenization work? In this blog, we will focus specifically on the workings of Apple Pay, but you can also find out more about how Google Wallet, Samsung Pay and other mobile wallet tokenization processes work elsewhere on the MeaWallet blog.
Having launched Apple Pay in 2014, Apple is now building out its embedded finance offering with its own cards, credit, savings and small business offerings. While it's mostly been doing this through partnerships, more recently it has been developing its own in-house infrastructure to reduce reliance on third parties.
In a relatively short space of time, Apple has made itself a key player in the payment ecosystem. Let's take a closer look at how Apple Pay tokenization works and how it enables consumers to make secure, seamless payments.
While DPANs ensure the transactions are secure, they have some shortcomings. As the DPAN is unique to the device, every device that a user wishes to use for payments requires a separate DPAN, even though they are all associated with the same card. If the device is lost or upgraded, a new DPAN will be required.
And if the user loses that card, has it stolen, changes bank account or gets a new card after their old one expires, further challenges arise. Merchants that have the DPAN stored on file for a recurring payment, such as a subscription, could experience failed transactions.
To meet these challenges, Apple has recently introduced the MPAN or Merchant Primary Account Number. Effectively, this involves assigning a unique DPAN to each merchant. Apple plays the role of Token Service Provider, and issues these MPANs to the merchants. These tokens are restricted to that specific merchant and remain valid when a physical card expires, reducing the chances of disruption.
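A simplified model of the DPAN and MPAN behaviour described above, added here as an illustration; it is not Apple's, EMVCo's or MeaWallet's code. The `TokenVault` class, its method names, the device and merchant identifiers and the PANs are all constructed for the example.

```python
import secrets
from dataclasses import dataclass

@dataclass
class TokenRecord:
    card_id: str         # stable account reference; the PAN is not stored here
    kind: str            # "DPAN" (bound to a device) or "MPAN" (bound to a merchant)
    bound_to: str        # device id or merchant id
    active: bool = True

class TokenVault:
    """Toy token service: maps tokens to cards and enforces their context."""
    def __init__(self):
        self._pans = {}      # card_id -> current PAN
        self._tokens = {}    # token -> TokenRecord

    def enroll_card(self, card_id, pan):
        self._pans[card_id] = pan   # called again when the card is replaced

    def issue(self, card_id, kind, bound_to):
        token = "tok_" + secrets.token_hex(8)   # random, not derived from the PAN
        self._tokens[token] = TokenRecord(card_id, kind, bound_to)
        return token

    def remove_device(self, device_id):
        # A lost or upgraded device takes its DPANs with it.
        for rec in self._tokens.values():
            if rec.kind == "DPAN" and rec.bound_to == device_id:
                rec.active = False

    def resolve(self, token, merchant_id):
        """Return the current PAN if the token is valid here, else None."""
        rec = self._tokens.get(token)
        if rec is None or not rec.active:
            return None
        if rec.kind == "MPAN" and rec.bound_to != merchant_id:
            return None      # merchant token presented by a different merchant
        return self._pans[rec.card_id]

def demo():
    vault = TokenVault()
    vault.enroll_card("card-1", "4111111111111111")    # constructed test PAN
    dpan = vault.issue("card-1", "DPAN", "phone-A")
    mpan = vault.issue("card-1", "MPAN", "shop-1")
    out = {"other_merchant": vault.resolve(mpan, "shop-2")}
    vault.remove_device("phone-A")
    out["dpan_after_loss"] = vault.resolve(dpan, "shop-1")
    out["mpan_after_loss"] = vault.resolve(mpan, "shop-1")
    vault.enroll_card("card-1", "4111111111111129")    # constructed replacement PAN
    out["mpan_after_reissue"] = vault.resolve(mpan, "shop-1")
    return out
```

The merchant only ever holds the token; the mapping to the current card number stays inside the vault, which is why the merchant token keeps resolving after the device is removed and the card is replaced.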
For Payment Service Providers, Fintechs and other Financial Institutions that want to digitize cards and enable payments with Apple Wallet or any other OEM wallet, MeaWallet offers a secure, compliant, certified and easy-to-implement solution through a single connection.
To learn more about Apple Pay tokenization and Token Management, get in touch with us here!
Q: What is payment tokenization?
A: Payment tokenization is a security technology that replaces sensitive card information with a unique digital identifier called a token. This token is only valid within a set context, making it secure for transactions.
Q: How does Apple Pay tokenization work when adding a card to the Apple Wallet?
A: When a user adds a card, the card details are sent to Apple Pay, which identifies the issuing bank and requests a Payment Token from a Token Service Provider. The token is stored securely and used for transactions, while the actual card details are never exposed.
Q: How does Apple Pay ensure secure payments?
A: During a transaction, the Device Primary Account Number (DPAN) is sent to the merchant's Point of Sale (PoS) device, and transaction information is sent to the payment processor with an encrypted cryptogram. The DPAN is validated and decrypted by the payment network before the issuing bank approves the transaction.
Q: What are DPANs and MPANs?
A: DPANs are unique tokens assigned to each device for security, but they can be inconvenient if the device is lost or upgraded. MPANs, or Merchant Primary Account Numbers, are unique tokens assigned to each merchant, reducing disruption when a physical card is replaced.
Q: How does this change impact merchants?
A: Merchants must support contactless payments for Apple Pay in-store and register to support it for ecommerce. They need to manage DPANs for recurring payments but benefit from the added security.
Q: How does MeaWallet support Apple Pay tokenization?
A: MeaWallet offers a secure, compliant, certified, and easy-to-implement solution for digitizing cards and enabling payments with Apple Wallet and other OEM wallets through a single connection.
Q: How does the transition to Apple Pay affect existing cards and data?
A: The card details and tokens are securely managed and stored by the Token Service Provider and issuing bank, ensuring that the transition to Apple Pay does not expose sensitive information.
Q: What specific steps should users take to add their card to Apple Wallet?
A: Users can add their card by using the push provisioning method through their banking app or by manually entering card details into the Apple Wallet app. The details are securely processed and tokenized.
Q: How does Apple Pay handle lost or stolen devices?
A: If a device is lost or stolen, users can remove the DPAN from the Apple Wallet remotely. A new DPAN must be issued for a new or replacement device to continue making payments securely.