Smart card technology represents the perfect baseline for a new generation of payment instruments that fulfill of a variety of stakeholders, according to a new paper that looks at the impact of tokenization, EMV, Apple Pay, Google’s host card emulation and other new players in the payments arena.
Released by the Smart Payment Association, the paper, “Driving Forward with Tokenization and HCE,” clarified the relationship between tokenization and HCE, and evaluated the potential impact of Apple Pay.
Smart card technology, with different form factors that are adapted to different channels, provides the ideal central unifying technology foundation for the roll-out of safe payment applications, according to the paper.
Since tokenization is bound to a single transaction or a particular transaction context, tokens are of limited or no value to fraudsters, SPA’s research showed.
Although a security breach of a token database may give fraudsters access to tokens used in past transactions, those tokens can’t be replayed, according to the research.
In contrast, host card emulation makes it possible for applications residing in a mobile device to use a mobile device’s near field communication interface to communicate directly with a contactless terminal, the association said.
This means application owners do not need to negotiate terms with issuers of the security element when deploying applications in NFC-enabled mobile devices.
At first sight, both these technologies appear to address different problems, according to the SPA’s new paper.
Tokenization is all about security, while HCE is an NFC-enabler, the paper said. However, in practice these technologies complement one another rather well.
For example, while HCE is not secure enough to store permanently static payment credentials, a token is a dynamic credential that’s created for the purpose of a one-time payment, the research showed. As a result, HCE is the perfect use case for tokenization, SPA said.