Visa has expanded its Token Service to more acquirer gateway and technology partners so that they can tokenize credential-on-file digital payments for their merchant and payment clients, according to a Visa press release. Clients won't need to do any additional technology integration to request their own security tokens, the company said.
The new credential-on-file token requesters include Adyen, AsiaPay, Braintree, Checkout.com, Cherri Tech, CyberSource, Elavon, Ezidebit, eWAY, Fit-Pay, Giesecke & Devrient, PayPal, Payscout, Rambus, SafeCharge, SecureCo, Square, Stripe, Worldpay and YellowPepper.
Visa announced its tokenization capability in 2014 in the interest of providing an additional layer of security around digital payments, and has since worked with others in the payment and credit card sectors, including rival Mastercard, to spread the replacement of card numbers and expiration dates with security tokens for such payments.
This past summer, a Thales data threat report found that U.S. retailers lead the world in data breaches. One of the most recent breaches affected fashion retailer Shein, and that incident again made it abundantly clear that the problem is not going away. Also, it again highlighted how retailers seem perpetually stuck in reaction mode, always promising thorough investigations and free credit card monitoring, and talking about how seriously they take their customers' security and privacy.
Engaging in tokenization would be proof that the merchants and their payment partners are trying be proactive to do something about the problem. In a payment process that involves tokens, a payment device or processor requests a single-use token that replaces a customer's card data for a specific transaction, so no sensitive card identifiers are used, and the token itself expires after the transaction closes. There is no personal information to steal.
But, it's asking a lot of individual retailers and their acquirer gateway and payment processing partners to manage the technical aspects of tokenization, especially requesting unique tokens themselves for every purchase, That's perhaps why tokenization hasn't been an overnight success across the sector. Now, Visa and other payment card networks are doing what they can to spread the use of tokens far and wide.
This particular move by Visa is a big push to that expansion, as it allows frequent token requesters to engage in a network token system. It also lets merchants to issue their own security tokens to their own customers, rather than having to take extra steps to request the tokens from Visa. Additionally, individual customers can re-apply for tokens at all the different merchants where they frequently use their payment cards. Because each one of Visa's new partners has their own large network of merchant partners, who in turn each have their own large network of customers, tokenization could perhaps achieve the critical mass of usage. It may help reverse one of the worst tech trends in retail.