26 C
Dhaka
Saturday, October 12, 2024

Tokenization and how it secures the digital mobile payments

  • Wahid Ahmed Choudhury

The payment industry saw more innovations and changes in last few years compared to all other ones combined over the decade before that. Digital payment is quite a convincing way of tapping into the potential customer segment. With rise of the digital wallets, newer channels for issuance and transactions have been created; and along with that, the need for specialized capability to handle backend complexities.

In recent times, it has been observed that different companies are adopting technologies and keeping themselves relevant in the race toward digital payment and other innovative solutions. A lot is going on in the payment and security industry, and it is shaping the FinTech industry in Bangladesh.

Part of that movement is the system security that necessitated a new method of ensuring user’s data and transaction safety in a mobile operating system. Otherwise, despite the advantages of quick service deployment, players in the payment industry would be in a vulnerable environment where fraud can cause serious damage to both the service providers and consumers.

The industry’s answer came in the form of Tokenization.

User’s confidential data – their personal account number (PAN), expiry date etc. – are stored in a secure server (Token Vault) online. Alternate randomly generated numbers called tokens are generated which are then downloaded to the mobile phone. During a contactless payment transaction, they travel through the POS to the Issuer system. The Issuer sends the token to the Tokenization Server for checking, and upon getting confirmation that it is valid, authorizes the transaction.

Only the Token Vault in secure storage has access to the actual PAN. Eavesdropping on any part of the transaction flow will not reveal the user’s confidential information. Also, tokens can be changed at set intervals, rendering the previous token invalid. Thus, replay attacks (recording and replaying whatever information is transmitted by a card, to impersonate that card) are useless. Tokens can be changed as frequently as once after every transaction.

Tokenization brings effective data security to emulated cards. Its online updating method is a good fit for the online provisioned nature of Host Card Emulation, the underlying technology for digital mobile payment.

Over the course of 2014, the payment brands have been publishing specifications for using Host Card Emulation along with Tokenization as a much more secure mobile payment system package. Using these specifications, service providers can deploy secure HCE-based payment cards in Android smartphones.

Kona Software Lab Limited, the Bangladesh office of South Korean smartcard payment and security industry pioneer Kona I Co., Ltd., has been steering the HCE-based digital payment platform deployment with tokenization in Bangladesh FinTech industry. The company already rolled out its state of the art payment platform for a number of leading players in the financial sector. It will continue its drive towards making the digital payment safe and secure for all.

The author is the Manager, Technical Marketing at Kona Software Lab Limited

Related Articles

CLOUD COMPUTING SECURITY

Cloud Computing Security Issues, Threats and Controls

0
Cloud Computing and service models  The official NIST definition (NIST 800-145) of cloud computing says, “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand...
API and Open Banking

API and Open Banking: Way for New Service Innovation for Banks and FinTech Companies

0
The people who gathered at a hall room of a city hotel in last month had one thing in common—they all are working in...
ISO 2001

ISO 27002: 2022 Implementation vs Reality

0
After almost a decade, ISO27001: 2013 is going to publish its new iteration of ISO27001:2022 in second (2nd) Quarter this year1. But prior to...
Deepfakes: The Synthetic Media I want to believe

Deepfakes: The Synthetic Media I want to believe

0
What Are Deepfakes? A deepfake is a sort of "synthetic media," which refers to material (such as images, audio, and video) that has been modified...
The power of API platforms

The power of API platforms brings the open banking promise into sharper focus

0
Open banking is a global phenomenon whose merits are felt in virtually every time zone, including those in the Asia-Pacific region. In contrast to...
Blockchains Gaming and Collusion

“Blockchains: Gaming and Collusion- A Reading in Political Economy”:  Futuristic Exploration with Fact-based Analysis

0
In this digital age, it has become quite common for us to constantly remain mesmerized by fascinating technologies.  However, deeper thoughts about those technologies,...