Presented by Envestnet | Yodlee
Account tokens are a highly secure way to retrieve, verify, manage and maintain financial data. In this on-demand webinar, learn how these tokens help payment processors prevent financial fraud, mitigate transactional risks, simplify data sharing and more.
Returns, breaches, fraud and account takeovers are an increasing issue. When a payment type is compromised – whether cards to non-card payment rails or fiat to non-fiat payment applications – it’s not only expensive for the entire ecosystem, but also disruptive to the consumer experience and business operations. As a result, tokenization has emerged as a form of protection that eliminates much of the hassle when a transaction is compromised.
Jeff Williams, SVP of product development at The Clearing House (TCH) and Ginny Chappell, EVP, product and marketing at Moov Financial joined Lloyd Fernandes, VP of product management at Envestnet | Yodlee to talk about how tokenization is transforming both data security and customer service in the financial services world.
Tokens have been dominant in the card world, but the technology is becoming more prevalent in the banking world, as a way to add a more effective data security layer to banking or bank accounts, especially as more and more accounts are getting distributed to third parties to be used for payments. Encryption only secures data at rest; at some point that has to be decrypted to be used to make a payment and pass through all the hops in the payment flow. And depending on the use case there are several hops in that payment flow where the data is exposed.
For tokenization, a token service provider (TSP) provides a service that takes sensitive data, like the PAN (the 16-digit account number on a card) or a bank account, or personally identifiable information (PII) as input. It then generates a surrogate value, or a token, as an output. The sensitive data and the token itself are then stored within a token vault at the TSP.
A merchant or independent software vendor (ISV) can store the token within their environment without worrying about that underlying sensitive PII data being exposed. Banks can simply turn off and retokenize in the case of fraud without the inconvenience and the hassle of closing and reopening an account. Plus, it simplifies complex account verification processes, eliminates the need to store sensitive financial account information, and more.
Account tokens look like and are formatted like a real account, with a routing number associated with them and a generated account number from the token service provider vault, which is unique to tokens and to each bank. By virtue of that, token transactions are transparent and flow seamlessly through the network, whether it’s a fintech app, a corporate entity or a biller.
Account tokenization provides an additional layer of protection at rest, by encrypting the real account. But in transit, as that token flows through the system, it’s not a real account. If a hacker or a breach happens at any hop along the way in the payment flow when it’s used on one of the network rails, it’s useless and can’t be used by an unauthorized party.
Fintechs, billers, apps and other third parties can have their own unique token. If a bank recognizes that there’s fraud, or they no longer want to do business with a certain app or fintech or biller or entity, they can turn off that individual token, without disrupting the entire payment industry by blocking an account as a whole. That provides some very granular security mechanisms for banks to manage their financial data as it’s distributed out to the marketplace, and eliminates the myriad costs that account wrangling racks up.
“It’s more than $200 for a bank to close and reopen or reissue an account that’s been compromised,” Williams said. “Then think about all the different places that account exists. If you have to reopen an account and close the old one for the customer and find all the places the old one existed, that’s painful and expensive. The beauty of the token is you’re requesting it directly from a vault. That vault knows exactly where those tokens are distributed for that account, which is helpful in any kind of fraud situation.”
For the complete roundtable discussion with industry experts on the multiple benefits of tokenization, from how it empowers users to how it boosts innovation, watch this VB On-Demand event now.
You’ll learn how account tokens:
- Work to reduce the risk of data theft
- Protect sensitive financial data from hackers and bad actors
- Simplify complex account verification processes
- Eliminate the need to store sensitive financial account information
- Prepare for open banking and open finance opportunities
- Jeff Williams, SVP of Product Development, The Clearing House (TCH)
- Ginny Chappell, EVP, Product & Marketing, Moov Financial
- Lloyd Fernandes, VP, Product Management, Envestnet | Yodlee
- Chris J. Preimesberger, Moderator, VentureBeat