For the
uninitiated, tokenization in this context is simply the act of replacing the
card number with something meaningful only to the token supplier, who has the sole
possibility and responsibility of matching the token with the original data.
As more and
more transactions are conducted online, and as processors move towards using
internet connectivity to exchange transaction data, tokenization becomes more
and more important. The industry also has a set of security standards, known as
PCI DSS which in broad terms encourage (or even require) replacing sensitive
data with tokens whenever that data is stored, in, for example, a database.
The Apple
Pay tokenization model is understood to be something like this: the cardholder
enrols their card with the Apple Pay app, which both confirms the physical
ownership of the device, and links the phone and card with a token that acts as
a temporary card number with which to execute payments.
When the
phone is tapped (like any other NFC card) on a compatible terminal, the token,
plus the transaction data, is forwarded to the local processor in the usual way.
At some point (usually as close to the point of issuance as possible) it is
necessary to swap the token for the card number so that the cardholder's
account can be debited.
All this
takes place, naturally, for a fee.
Even those
who aren't participating in the Apple Pay ecosystem are discussing tokenization
as a way to protect their transaction data. Subsequently, there is a renewed
popularity of search terms such as "tokenization as a service" and
"tokenization solutions".
Unsurprisingly,
this interest is matched by advertiser spending, with around a quarter (based
on research derived from Google AdWords data)
going on "tokenization pci", a further quarter on terms
related to specific applications of tokenization and brands (such as RSA, VISA,
tokenization appliance and servers) and the remaining half on four evenly
matched chunks.
It's those
chunks which provide the most interest; specifically, "tokenization
payments", "tokenization vs. encryption", "tokenization
credit card" and "tokenization vendors". These keyword chunks
are evidence that there is interest in tokenization outside of Apple Pay.
There are
several conversations here -- tokenization of payments in general, the
discussion of whether tokenization is merely a form of encryption (and if not,
which is better), how tokenization can be used with credit cards (there is little
evidence of a parallel discussion being applied to debit cards), and finally, there are people looking for
tokenization solution vendors.
The
following graph shows approximate interest levels for Debit Cards, Credit Cards
and Payments, using Google search data for the past 12 months for various
keyword combinations:
Clearly,
this has become more than just a buzzword; it's a service that both the
industry, and it's suppliers see merit in providing. The search volume graph
illustrates this quite appropriately:
 |
Search Volume for Tokenization Related Keywords March 2013 to February 2015
|
