Call it the week of tokenized credentials on file, the week of EMVCo and the week of SRC.
As noted in these digital pages, Visa said it would boost its Visa Token Service to send merchants through a network of 20 partners, spanning acquirer gateway and technology partners as token requestors, including PayPal, Worldpay, Adyen – and now, Amazon.
The commercial expansion of the “credential on file token requestors” gives merchants more security across transactions, done across channels.
In an interview last week with Karen Webster, Visa’s Andre Machicao, SVP of CyberSource and Authorize.Net, said merchants can leverage the benefits of tokenization and its security boost without the burden of integration, which is managed on the merchant’s behalf by the token requestors. Other Visa partners include AsiaPay Global, Braintree Payments, Checkout.com, Cherri Technologies, CyberSource, Elavon, Ezidebit, eWAY, FitPay, Giesecke & Devrient, Payscout, Rambus, SafeCharge Payment Solutions, SecureCo, Square, Stripe and YellowPepper.
The move toward tokenizing the card data that is held on file by merchants comes amid the EMVCo Secure Remote Commerce specification, itself geared toward eCommerce.
As has been reported, EMVCo issued a draft version of the specification known as version 0.9. The movement is toward version 1.0 – with input across stakeholders such as merchants, payment networks and issuers – to debut next year. Version 1.0 is anticipated to define the interfaces used in the exchange of payment data.
Visa itself had said earlier this week that it continues to support the draft of the EMV Secure Remote Commerce (SRC) specifications. The company said that the spec offers up a single digital point of sale, which in turn helps offer a consistent and secure way to pay.
The SRC emphasis, according to TS Anil, global head of payment products and platforms at Visa, is an effort to streamline the guest checkout process on merchant pages, a process that is today wrought with friction as users are forced to remember usernames and passwords, or to complete a full registration to buy the things they have placed in their shopping carts.
The notion of a “single button,” Anil said, is also a bit of a misnomer, since the consumer experience is less about a “checkout” button and more about a “check-in” process using tokenized credentials.
On those pages, consumers will see an SRC mark, yet to be determined, that will give them the assurance that the process is secure, using a single standard supported by the card networks, which will then allow the consumer to complete checkout using the tokenized credentials on file with that merchant.
The Visa Token Services announcement came on the same day that Mastercard announced a tokenization initiative of its own, with gateway providers and firms such as Adyen and Worldpay, two of the players that overlap with Visa’s expansion.
Mastercard’s efforts look to have tokenization services on all cards by 2020, a tenet of its Digital Commerce Solutions Suite being rolled out to make online commerce more secure. Jess Turner, who serves as executive vice president of the company’s digital payments and lab division, said that tokenization offers “added security, higher approval rates and, on top of that, [lifecycle] management, [which] leads to a better consumer experience.”
Mastercard’s own partnership roster includes Adyen, as noted, Digital River, Stripe, Square, Worldpay and its own eponymous gateway services to bring tokens to retailers. Mastercard has also noted that it is using biometric and AI to boost verification efforts, where Mastercard’s tokenization ecosystem, in tandem with Mastercard Identity Check, supports EMV 3D Secure standards. Rollout of those initiatives next year will aid transaction approval rates and reduce false positives, Mastercard has said.