Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

June 22, 2015

The Current Tokenization Landscape in the United States

Last fall, Take on Payments featured a three-post series on tokenization. The first post introduced the technology regarding payment credentials and noted that merchant-centric tokenization solutions came to the market in the mid-2000s, driven by the Payment Card Industry Data Security Standard (PCI-DSS) requiring merchants to protect cardholder data. The second post examined some of the distinguishing attributes of payment token solutions in mobile wallets that were developed to replace the payment card's primary account number (PAN) with a token so the presence of the cardholder's PAN would be minimized or eliminated in the payment's data transmissions. The final post examined the challenges of payment tokenization and discussed its effect on payment risk over the short term.

Working with the Mobile Payments Industry Workgroup (MPIW), the Federal Reserve Bank of Boston's Payments Strategies group and the Federal Reserve Bank of Atlanta's Retail Payment Risk Forum just released a comprehensive white paper on the current tokenization landscape in the United States. Based on our research and interviews with more than 30 payment stakeholders, the white paper provides an overview of the U.S. payment tokenization landscape for mobile and digital commerce (versus physical card payments), describes the interoperability of different tokenization systems, and examines the status of these 30 stakeholders' plans to implement to a broader audience of industry stakeholders, policymakers, and regulators.

The paper discusses the many benefits, challenges, gaps, and opportunities of tokenization from the perspectives of the major industry stakeholder groups, while acknowledging that there is not always full agreement on current approaches or underlying details. The goal in authoring this paper is to encourage further collaboration among the stakeholders to resolve differences to the mutual satisfaction of stakeholders in the industry and to provide what is best for consumers.

Tokenization in mobile payments is just a very small part of the potential impact that tokenization can have in reducing fraud in the overall payments environment, but it is a start in a payments channel that is expected to grow significantly in the years ahead. We hope that you find the paper informative and feel free to contact us if you have any questions.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 28, 2009

Coordinating roles in mobile payments--who will we trust?

The concept of mobile payments is beginning to gain some traction as the industry grapples with environmental complexities—namely the myriad participants in the mobile payments arena, the mulitiple channels for a mobile payment to follow, and the ever-present questions about security. Who can be trusted to intercede among the various entities with an interest in the payments process? While a number of roles in the mobile payments arena are taking shape, the least known and possibly the most confusing is the concept of the trusted service manager (TSM). However, this role is also possibly the most critical to establishing a secure and trusted environment for mobile payments. So what exactly is a TSM and what are its responsibilities?

Complex environment for mobile payments
While anecdotes sometimes dismiss the anticipated speed to market of mobile payments as industry hype, the fact is that the ubiquity of the mobile phone is driving the convergence of telecom and payments. This convergence creates a far more complex environment for payments than ever before. Telecom participants and financial institutions have different regulatory and legal frameworks and distinctly different risk exposure, for example.  Furthermore, the U.S. mobile payments environment will leverage existing payment channels, such as the automated clearinghouse (ACH) and the card networks. No one knows if the industry and market will ultimately prefer a particular channel. The result is an array of business models with a vast number of unrelated players with competing interests for customer revenue.

Stakeholders in the mobile payments business model
In addition to the traditional payments model that includes the customer, financial institutions, and perhaps payment processors, the developing mobile payments ecosystem also includes large groups of mobile network operators and handset makers who have no previous payments life cycle experience. For payment system interoperability, all participants must agree to operate under uniform technical operating and security standards. In this context, the role of a TSM is to manage collaboration among the various stakeholders.

Role of the TSM
The concept of the TSM was introduced by the Global System for Mobile Communications Association (GSM) in 2007 in an effort to improve interoperability among various and unrelated proprietary mobile networks. The core function of the TSM is to serve as a neutral and independent middleman between financial institutions, payment network operators, customers, and the mobile network operators.

Responsibilites envisioned for the TSM include managing contractual relationships with the large number of mobile network operators (MNOs) as well as acting as a single point of contact for banks and other payment service providers to communicate with customers they share with the MNOs and handset makers. The key to the TSM’s success clearly is the financial wherewithal to inspire trust on behalf of the other payment participants and to support agreements with a large number of partners. Finally, the TSM should also provide the oversight for various systems among participants to ensure secure transmission of payments and personal data in the transaction.

Who should fill the role?
While the need for a TSM is recognized, there is no consensus on who should fill that role. MNOs, payment network operators, and financial institutions lack the economic incentives to form alliances with other participants in the payment ecosystem because of their competing interests for customer revenue. Whether the role is filled by a consortium of existing players or by a new entity yet to be formed will depend on an ability to fulfill these critical responsibilities from a position of neutrality and independence.

By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed