Mastercard And Visa Tag-Team Tokens

Mastercard new logo

Tokenization as a global standard for securing transactions in a digital world gets turbocharged today, thanks to Mastercard and Visa.

In a mutual commitment to accelerating the adoption of an open digital wallet, the global card networks announced their agreement to allow each network to request tokenized credentials from the other when consumers are transacting across any digital medium — in-app, online and in-store.

Put another way, starting next year, Mastercard will be able to request tokenized credentials from Visa for provisioning into Masterpass and Visa from Mastercard to provision into Visa Checkout.

Tokenization — the popular security technology that replaces cardholder information, such as account numbers and expiration dates, with a unique digital identifier (a “token”) that can be used for payment without exposing a cardholder’s more sensitive account information — is an integral piece of staying ahead of that building wave of online fraud and one that both Visa and Mastercard have spent a good deal of time, talent and treasure developing over the last few years.

As Mastercard’s Group Executive of Platforms and Emerging Payments James Anderson pointed out in conversation with Karen Webster, this was an effort that grew up alongside of both networks’ attempts to develop their digital payments platforms — Visa Checkout and Masterpass. And though the two are quite notably different, Anderson pointed out that there are two commitments that both share.

“Both [Mastercard and Visa] are committed to wallets that are secure — but also open,” Anderson noted. “Each of us has our own objectives around our own wallet — but the general consensus is that for mobile wallets to really thrive, they have to support multiple modes of use for the consumer — which means they have to be open. The tough part is, open wallets aren’t really open unless there’s a mechanism to make them interoperable.”

Tokens Get Turbocharged

It was also a natural next step to take as each global network expands access to token requestors via their respective APIs while addressing merchant questions about the use of tokenized card credentials issued by banks with both Visa and Mastercard card products.

Anderson told Webster that both Mastercard and Visa’s APIs are open to a variety of token requestors, an effort that he said has been central to their work in enabling secure, digital payments ever since launching MDES two years ago and enabling digital wallets such as Android, Apple Pay and Samsung Pay to provision Mastercard tokens via their API.

It is also, as Visa VP of Digital Solutions Vish Shastry noted, consistent with the many other collaborative efforts that the networks have pursued in the name of open, interoperable payments standards — from mag stripe cards to NFC.

“The analogy that we like to draw is what we did in the physical world. We created NFC and contactless to be more secure — and then we opened up that platform to let everyone else ride that rail so merchants and consumers have a consistent experience.”

Shastry went on to say that card networks, with their vast issuer and acquirer relationships, can drive such an effort at scale. “We think it benefits everyone to open it up in as a common rail.”

More than just a benefit, Anderson noted, it also makes it much easier to tell both firms’ merchant partners a single story about tokens, how they function and how they are managed to offer a consistent, cross-channel security standard — no matter where the customer is shopping or what card they happen to be using. It also offers a very pointed example of their respective commitments to securing and scaling transactions in a digital world in a way that is both controlled and stable, he said.

“As we are competing to secure merchant acceptance — it gives both of us the ability to tell the merchants a fuller story about transaction security using tokens and to demonstrate our collective commitment to accelerating this effort,” Anderson said.

A Global Push

Though the deal was announced today (Dec. 15), provisioning cards into each other’s mobile wallets won’t happen until the latter half of 2017 and then only in the U.S. From there, the goal is to enable token reciprocity on a global scale — and for all of the connected endpoints where consumers and merchants do business.

Today, Anderson noted, it is stores and smartphones — tomorrow, it will be billions of IoT-enabled things that will be ready to sign on and shop at a moment’s notice.