Network Tokens Proving Their Value
Personal identity numbers are only as secure as user behavior allows, and organizations entrusted to safeguard them are also hack points for fraud. Chakib Bouda, the CTO of Californian concern Rambus, has pointed out that this is precisely what tokenization can eliminate.
For nearly two decades, tokens have been employed to mask sensitive data, replacing it with a stand-in, “token” value. Bouda noted that modern network tokens can now also leverage the EMV protocols so familiar to fiat card users. The standards were introduced by the major card issuers at the same time that anonymous mobile wallets arrived, circa 2014.
Globally issues of fraud and novel advances in cybercrime continue to bedevil authentication and security. In the world of ecommerce, a 250 percent climb has been recorded since 2012 in the occurrence of card-not-present fraud. Not only does this raise costs for all parties, it’s also an inhibitor to the growth of digital retail channels.
When Someone Steals From You
Bouda pointed to consumer fears around exposing financial data like credit card numbers or even ratings. He said that far more onerous is the threat to a consumer’s very identity. Exposing facts like the make and model of the family car, the number of children in the family, pet names and travel details and also frequent behavior patterns, can lead to far more insidious crime, he insisted. Armed with this intel, crooks can “steal a person,” or at least their identity and “life” overall. Identity theft enables often bigger and more calculated crimes.
Bouda sees the possibility of a complete elimination of these ills through tokenization. “We’ve built the plumbing,” he said. “Let’s take advantage of that. We can use tokenization as it is; the framework could be applied anywhere.” With the legacy IPO model rapidly being eclipsed by a token-issue madness in ICOs, the fundamental abilities of tokens are now more scrutinized than ever.
The simple reality of tokens’ value is found not in what a token contains, but far more in what it lacks. Tokens carry no personal data and avoid many existing methodologies’ flaws. Tokens are used together with cryptograms, a renewable and each-time novel value, eliminating the pitfalls of legacy payment methods.
The Use Case For Tokens
Bouda pointed out that not only are tokens a means of eliminating fraud, they also carry the benefit of enhanced functionality. This results in more favorable UX and improves the customer life cycle. The key, in Bouda’s opinion, to a successful network token deployment, is the need for a specific token per vendor-customer relationship.
If Airbnb issued a token, that token should only then work with Airbnb. If a token is homogenized and can be employed across channels and platforms, it would recreate the scenario consumers currently endure. Any one entity in that chain could be breached, exposing all users’ credentials.
Bouda mooted a scenario in which a consumer has a number of linked tokens, yet a breach of one merchant would remain there and not completely compromise clients. With tokenization, the opposite approach to current practice is enabled. Standard practice in the event of a breach is to cancel a client’s credit card. Under tokenization, the breached, offending merchant can be cut out of the chain, rather than disabling the consumer.
“We should have done that a long time ago,” Bouda said, noting that consumers trusting to a single card number employed wherever they shop in the world is akin to “putting all your eggs in one basket.”
Tokens Solve Many Legacy Problems
Bouda did concede that the fintech industry is hard at work mitigating risks to all parties, by implementing protocols like 3D Secure 2.0. That said, he maintained that the still-massive information flow of the current system could be eliminated with tokens. Merchants wouldn’t have to store a shred of card data, and consumers will experience watertight shopping and other online behavior.
Merchants are still hesitant, however, as the token arena is still a novel one and decades of legacy payment protocols weigh heavy. Bouda acknowledges vendors’ concerns and even fears, and noted that any new technology or protocol comes with inevitable growth pains. He expressed the belief that, in moving away from the old school way of doing things, merchants would take “baby steps” at the start of this journey.
“I do understand the pain — it’s not trivial,” he said, “but it comes in handy to use this. Taking baby steps toward a full-blown EMV tokenization will take time, but that’s the way it is with any new technology that will emerge.”