Token Service Provider for Mobile Payments
Naomi Lurie | Marketing Director, Gemalto Mobile Financial Services Smart Card Alliance, Orlando, April 6 2016
Paymentindustryisadaptingtodigitaltransformation
Thechallengeis:howtosecureandmanagepaymentcredentialsastheyproliferateacrossdevicesanddatabases?
Trusted Service Providers | SCA Payments Summit 2
Tokenswillbeusedtosecurelydistributepaymentcredentialswhilemaintaininginteroperabilitywithexistingcardinfrastructure
Trusted Service Providers | SCA Payments Summit 3
Token#1
PAN
Token#2Token#4
Token#3
Token#5
Token#8
Token#6
Token#7
Trusted Service Providers | SCA Payments Summit 4
Three mobile phone giants have all launched mobile
wallets
And 50 issuers have launched their own HCE-based wallets
ISSUER WALLETS
HCE
EMVCoPaymentTokenizationFrameworkFeb2014
Usingtokensfordigitalpayments
PaymentTokensaresurrogatevaluesthatreplacethePrimaryAccountNumber(PAN)inthepaymentsecosystem
ThepurposeofthePaymentTokensisto:Minimizeunauthorizeduseofcardholderaccountdata
Reducecross-channelfraudforcard-not-presentandemergingtransactionenvironments
ThePaymentTokenislimitedtouseinaspecificdomain,suchastoaspecificmerchantorchannel(presentmentmode)
PaymentTokensaregeneratedwithinaBINrangethathasbeendesignatedasaTokenBINRangeandflaggedaccordinglyinallappropriateBINtablesPaymentTokensmustnothavethesamevalueasorconflictwitharealPAN
Trusted Service Providers | SCA Payments Summit 5
TheroleoftheTokenServiceProvider(TSP)AccordingtoEMVCo
TokenGeneration:TSPhasatokenvaulttomaintainthemappingbetweenaPANandaPaymentTokenandaTokenRequestorTSPestablishestheTokenAssuranceLeveltoindicatetheconfidencelevelofthePaymentTokentoPAN/Cardholderbinding(duringenrollment)
TokenProcessing:TSPverifiesthecryptogramandde-tokenizesthePaymentTokentoobtaintheactualPANTSPchecksthetransactioniswithintheTokendomainandrestrictions
Trusted Service Providers | SCA Payments Summit 6
TransactionManagement
TokenVault
TheEMVCoTokenServiceProvidermaybelocatedattheissuer,paymentnetwork,orathirdparty
PaymentNetwork
Acquirer
Merchant
Issuer
Trusted Service Providers | SCA Payments Summit 7
Processor
WhataretherequirementstobecomingaTSP?
TSPmustbedevelopedaccordingtotheEMV®PaymentTokenizationSpecificationTechnicalFramework
TooperateaTSP(notapplicableforissueron-premisessolutions):EMVCoTSPRegistrationAnddeclareyourTokenBINRanges
PCI-TSPcertification(physicalandlogicalsecurityrequirements)PublishedDecember2015
Trusted Service Providers | SCA Payments Summit 8
“TSP”hasactuallytakenonabroadermeaninginsomeindustrytalk,butnotinspecifications
Inindustryterminology,“TSP”issometimesusedtorefertomorethantokengenerationandtokenverificationbecausethewaytheseservicesarebundlesbythepaymentnetworks
Trusted Service Providers | SCA Payments Summit 9
TransactionManagement
EMVCoTSP
ProvisioningConnectivityto
Wallets
Sometimesallthisiscalled“TSP”
TokenVault
Examplesof“TSPs”
Trusted Service Providers | SCA Payments Summit 10
VTS MDES
TrustedServiceHub
AMEXTokenService
ChinaUnionPayTokenService
TokenService DigitalPaymentPlatform
GemaltoTrustedServiceHub(TSH)=“TSP”Multi-PurposeWalletOnboardingandCardDigitization
Trusted Service Providers | SCA Payments Summit 11
ENROLLMENT
PROVISIONING
TOKENIZATION
ISSUER WALLETS
HCE
PARTNER WALLETS
NETWORK
PROCESSOR
ISSUER
Integrated EMVCo TSP runs on premises
Cloud-based solution that is geo-redundant with high
availability
KeyAdvantagesofGemaltoTSH
Designedforissuers,processors,networksandaggregatorsOptimizedcosts:connectonce,deployanycard,anywhereOnboardeasilywiththefuture-proofMobileGatewayModularandissuer-controlledtokenizationEMVconsultingteamstoassistwithcarddigitizationAlignedwithregulatorythemes
MaintainissuercontrolBusinessmodelCostsRiskmanagementIndependentandnetwork-agnosticroadmap
CombinewithcardissuanceTopofwalletmarketingFornewusecaseslikeinstantissuance,emergencycardreplacement,cardrenewal
Worldclassgeo-redundanthighavailabilitydatacenters,paymentnetworkcertified
Trusted Service Providers | SCA Payments Summit 12
Thank You [email protected]
Trusted Service Providers | SCA Payments Summit 13