In an effort to make to make Internet and mobile transactions more secure, American Express has launched a new service that aims to replace payment card numbers with unique tokens.
E-commerce sites and digital wallet applications that use the company’s new token service won’t have to store customers’ card details. Instead merchants, banks and payment processors will be able to work with digital tokens that are mapped to real payment card accounts.
The payment tokens can be tied to specific merchants, transaction types or payment devices, limiting the ability of cybercriminals to misuse them if compromised. This means that widespread adoption of tokenization for card-not-present transactions would likely reduce fraud.
Unlike payment card numbers, if tokens are compromised, they can easily be revoked and replaced without the need to physically reissue the cards they link back to.
The American Express Token Service is based on the Payment Tokenization Specification and Technical Framework published this year by EMVCo, the organization that maintains the EMV standard for chip-enabled payment cards. It is already available in the U.S. and American Express plans to start rolling it out internationally in 2015.
The service’s release comes at a time of growing mobile payments adoption, partially driven by the launch of Apple Pay, which also uses tokenization. Major U.S. and international banks are also planning to launch their own mobile payments apps next year.
Those apps will likely use a technology called Host Card Emulation (HCE) that is present in NFC-enabled mobile devices running Android 4.4 “KitKat.” American Express has also developed network specifications for HCE to enable its card-issuing partners to use the technology.