trending
The days where payment tokenisation simply provides a tokenised, domain-controlled version of a payment account number appear to be diminishing fast.
With international payment schemes now announcing advanced features such as agentic commerce based on verifiable credential standards, are we now on the brink of a golden age of payment tokenisation?
What are the implications of these new initiatives for the payment ecosystem, asks Neil Hilton, Principal Consultant at Consult Hyperion, Consulting by Fime.
What has been announced?
Tokenization tipping point
The recent announcement by Mastercard in their work with the FIDO Alliance and its Payments Working Group to propose new standards on verifiable credentials linked to tokenised payments is an eye-catching initiative which further extends the capabilities of the core tokenisation platforms.
Together with initiatives to drive tokenisation adoption to 100% for e-commence transactions by 2030, payment tokenisation, once the preserve of digital wallets alone, is now reaching scale.
Why is this important?
Payment tokenisation programs are complex; layering technology, authentication, scheme rules and commercial frameworks, and importantly, many of the critical new product launches in recent years from the international payment schemes are based on tokenisation alone.
As new products are announced at what appears to be an ever-increasing rate, it can be difficult to understand what has happened to previous product announcements.
For example, what is the position of Click to Pay (SRC) within a verifiable credential world? Will verifiable credentials supersede payment passkeys, or co-exist in different use-cases?
Many lessons can be learned from the successes and near-misses of the past.
Furthermore, as global security challenges arise and as the reliance on ever more complex tokenisation programs increases to a material level, data residency and resilience become critical requirements for tokenisation programs, particularly in an increasingly cloud-based world.
How the seemingly contradictory requirements of a cloud-based scalable architecture and data-localisation are met is a key focus of many new token programs.
As payment tokenisation matures, new challenges arise; tokenisation providers will not only compete on new programs, but also on existing ones, bringing new challenges on existing portfolio migration, particularly for programs supporting a mixture of device-based and card-on-file tokens.
Reducing the potentially high risks of migration from one provider to another will be critical to achieving this successfully.
That’s not all…
Payment tokenisation has strong crossovers to the emerging work on payments within identity initiatives such as the European Identity Wallet. Whilst initially appearing quite separate, the core topics of authentication, trust and assurance lie deep within both topics.
The EUDI wallet architecture (as described in the Architecture and Reference Framework) is allied to existing device-based payment tokens with the secure device storage of verifiable (payment) credentials.
On-device payment credentials commonly facilitate near frictionless payment transactions through the major digital wallets.
Importantly the EUDI wallet trust framework, based on wallet secure cryptographic applications, together with the qualification and certification of wallet solutions, should enhance Issuer trust with payments made using such a wallet.
Lessons can also be learnt and synergies found from existing payment tokenisation to the operational side of payments within identity wallets.
For example, credential lifecycle management is an often overlooked but crucial element of current tokenisation programs.
The ability to provide merchants with an up-to-date payment credential linked to a payment account is a core capability and advantage of tokenisation programs.
Equally, the ability to operate through payment aggregators (Issuer Token Service Providers or Token Requestor Token Service Providers) has become core to providing scale within payment tokenisation.
Both credential lifecycle management and aggregator enablement are important topics for Identity wallets seeking to move into payments at scale
Comments