Your Digital Wallet: Mobile Payments & Tokenization

Mobile Payments have gained even more popularity. Now, you can head out of the house with just your phone. Mobile payment providers make it quick and easy to make purchases without having to keep track of your debit or credit cards.

Apple Pay may be the most successful mobile payment solution in widespread adoption. It’s possible to almost replace your physical cards by storing them on your iPhone (6 or later).

Apple Pay has become a widely used digital wallet by taking advantage of two developments in payment infrastructure to save you time: near-field communication (NFC) and token encryption.

What is Tokenization?

Apple Pay and other similar services use a process called “tokenization” for their security. In the simplest possible terms, tokenization is the use of a non-secure bit of data to stand in for a secure one.

Think of tokenization as arcade tokens. Secure data is the quarter you exchange at a machine for a token. That token tells the arcade machines that you have a quarter to play. The game machine never sees the actual quarter but instead accepts the token that stands in for it.

Apple Pay works the same way. The app creates a token – a random series of numbers – that corresponds to your account, along with a one-time security key. It transmits that data to the payment terminal. The payment terminal transmits that token to the “token vault,” a secure database that links these tokens to the existing accounts.

The token vault connects the token to the real account, provided the security key is correct. That token vault then transmits a charge directly to the linked cards, while returning a verification of funds to the payment terminal. With Apple Pay, the token vault is hosted at the payment processor, so the point of sale terminal never even sees your card information.

This is different from a swiped or keyed transaction. Ordinarily, the terminal reads your credit or debit card information directly and transmits it to the payment processor. This means your card’s information is stored in three different places. Any one of those could be the site of a data breach. In fact, one of the major recent data breaches, Home Depot, was caused by a bug in the point of sale terminal.

With Apple Pay’s tokenization, your information is seen only by the payment processor and your financial institution. That’s fewer points of failure along the information chain, which makes your transactions more secure. Apple has gone to great lengths to ensure that the token interaction takes place at payment processors, removing its own servers from the process as much as possible.

Importantly, this means that Apple itself has no idea what purchases you’re making. It can’t track your behavior based on your Apple Pay transactions. For fans of internet privacy, this has to be good news.

There are other layers of security involved in Apple Pay and similar services. For starters, the apps won’t work unless your phone is unlocked. Given the fingerprint reader technology in most modern smartphones, that’s an added layer of protection between a potential thief and your data.

The biggest downside of this level of security is the cost involved in implementing it. Because of Apple’s insistence that the token interaction not use its servers, some payment processors have been reluctant to add the additional security. This has slowed the expansion of Apple Pay technology and is part of the reason only about a third of retailers accept the service.

In sum, Apple Pay’s tokenization system is an efficient, secure way to pay. By using modern technology and the latest in encryption protocols, Apple Pay is able to keep your data more secure and private than ever. You can feel confident using Apple Pay anywhere you’d pay with your credit or debit card.

This article is for educational purposes only. WeStreet Credit Union makes no representations as to the accuracy, completeness, or specific suitability of any information presented. Information provided should not be relied on or interpreted as legal, tax or financial advice. Nor does the information directly relate to our products and/or services terms and conditions.