When Apple Pay came out last year, one technology stood out from the rest during Eddy Cue’s presentation on Apple Pay’s security: tokenization. In one fell swoop, Apple had a solution to solve the challenge of getting consumers to register their credit cards with Apple Pay.
Today, with the rise of card-linked offers technology, the use of tokens has started popping up in more and more consumer apps and experiences. Let’s take a look at exactly what these developments mean and how this technology protects consumers and their credit cards.
Take a consumer, let’s call her “Mary,” who decides to use a service like Apple Pay, a loyalty card app, or a card-linked offer such as BankAmeriDeals, AMEX Offers, or Coupons.com. To receive benefits from any of these technologies, Mary will authorize her credit card as part of the enrollment process.
What’s cool is that, for all these technologies, Mary’s credit card information only goes directly to the appropriate card network — e.g. Visa, MasterCard, or Amex — for authorization. Visa/MasterCard/Amex/etc. receive only what they already know, Mary’s credit card info, which comes with no other information about her enrollment (e.g. a username or email address). As a result, Mary can take advantage of the benefits that come from these new technologies without exposing her credit card or personal information.
For example, say that Mary registers her MasterCard with Apple Pay and Apple Wallet. Upon receiving Mary’s authorization, MasterCard updates its records to show that Mary has enrolled her card with Apple. It’s an agreement between Mary and MasterCard — Apple knows nothing.
As Mary starts using Apple Pay, MasterCard and Apple will only communicate about Mary via the last 4 digits of Mary’s card (which allows the companies to represent to Mary that her card is successfully enrolled), and a “token.” This token — a big string of random letters and numbers — has nothing to do with Mary’s credit card number. It’s a unique ID that Apple, and only Apple, uses to reference Mary.
The benefit of using tokens instead of credit card numbers is perhaps obvious — Mary’s private information doesn’t get thrown around between companies, which eliminates the risk of fraud. Mary can thus visit any Apple Pay store and pay with her MasterCard — just by validating the transaction on her iPhone.
Better yet, she’ll continue to receive all the benefits and points she already receives from using her MasterCard — just with the added bonus of never having to whip out her wallet and credit cards.
Because of the use of a token, Apple, MasterCard, and the merchants where Mary shops never share Mary’s credit card information. Every single one of Mary’s credit card transactions remains between her, her bank, and the merchant — just like a normal credit card payment.
Consequently, technologies like BankAmeriDeals, AMEX Offers, or Coupons.com, loyalty card apps, and Apple Pay cannot be the source of a consumer’s card information “getting out there.” The only parties who ever see Mary’s credit card number are the constituents that already have access to this information.
These benefits are why you’ll see a Google Trends upward spike for tokenization over the last few years. More and more companies are finding the benefit of keeping transactions between the consumer, merchant, and bank — rather than allowing this information to be seen or stored anywhere else.
Realizing, these benefits, we’ve been using tokens at Thanx since our company’s founding (more than 3 years before Apple, I might add). This particular technology is just one of the reasons we can deliver on a security guarantee of never storing consumers’ credit cards.
Better yet, the above practicalities of using tokens hold true for all companies — whether BofA, Amex, Apple, Google, or Thanx. Companies that have adopted tokens technology have done so in a standard fashion, which makes the overall ecosystem much more beneficial for consumers.
One small difference is that Thanx goes the extra mile that other companies don’t — we actually never even see (much less store) a consumer’s credit card information. When you enroll in Thanx, your enrollment goes from your phone, encrypted, straight to the credit card network. Thanx doesn’t see, know, or have any record of private information at any point — unlike Apple and Bank of America who store sensitive information for other purposes, whether it be iTunes payments or your personal bank records, respectively.