Tokenization

What it is and why it’s important

Tokenization is the process of replacing sensitive card credentials, for instance the 16-digit primary account number (PAN), with a substitute value. Called a token PAN or digitized PAN (DPAN), the token protects the real card number from theft and misuse. Payment tokenization adds a cryptogram to the mix: unique authentication data generated on the smartphone that demonstrates to the card network that the device and the card being used are genuine and not a vehicle for intercepted or cloned credentials. Moreover, a token transmitted from the point of sale (POS) can only be mapped back to the real PAN by the token service provider (TSP), which keeps that sensitive mapping on its highly secured servers. Samsung Pay currently uses the tokenization services offered by the global payment networks, which are available to all of their member card associations; third-party TSP integration is also supported, as are TSPs owned and operated by card issuers themselves.

The card issuer sets the rules and parameters of the token service, performs account verification and cardholder authorization during the token request stage, and authorizes transactions. If a merchant, acquirer, or wallet is breached, the stolen tokens are of no use to the attacker: a token is bound to one device and domain and can only be mapped back to the real PAN by the TSP, so the underlying payment data stays protected. Tokens do not replace EMV (the chip card standard originally created by Europay, MasterCard, and Visa and now maintained by EMVCo); payment tokenization is itself an EMVCo specification and serves as the chip-and-PIN alternative for mobile payments. For more on EMVCo and the specifications for contact, contactless, mobile, and payment tokenization, visit https://www.emvco.com.

Token request and issuance

A TSP offers token requester (TR) registration, token lifecycle management, security and control, and processing management. Before a token is issued, the mobile wallet provider — in this case, Samsung, as the publisher of Samsung Pay — must first register with the card issuer’s designated TSP.

Once registered with the TSP, the TR can legitimately request a token on behalf of a cardholder and a specific device. This happens when the cardholder enrolls a card in Samsung Pay, at which point the request is sent by the TR to the TSP. Upon receipt of the request, the TSP performs a series of security controls and identification and verification (ID&V) processes with the card issuer via the payment network before issuing the token.

Figure 1. Tokenization within a mobile payments infrastructure

The tokenized DPAN is tied to the user’s funding primary account number (FPAN) held by the issuer, rather than to the physical PAN printed on the plastic card. Tokens remain active for as long as the underlying account is active, even if the plastic card expires or is canceled.

The user does not have to re-enroll the card when they receive a replacement card, because the FPAN remains the same. If the card is lost, the issuer assigns an alternate FPAN and ties it to the existing DPAN. The DPAN has its own expiration date; when it is reached, a new set of keys is replenished to the device. The DPAN is not reprovisioned, and the physical card does not need to be re-enrolled.

Cryptographic key generation

The cryptogram is the other element that ensures a transaction’s integrity. It contains authentication data cryptographically derived from the token (DPAN), a timestamp, and the Application Transaction Counter (ATC). Because the ATC increments with every transaction, a captured cryptogram cannot be replayed: resubmitting it presents a counter value the issuer has already accepted, so the repeat is rejected.

When making a purchase, the user’s device sends the payment token together with a cryptogram to the merchant POS, which relays them to the payment network for approval by the issuer. The cryptogram is generated with a cryptographic key, using the algorithm specified by the card network. See Token handling by Samsung Pay for additional details.

This key, stored in the device’s Arm TrustZone-based trusted execution environment (TEE), is static or dynamic depending on the card brand/network. A static key is used over a relatively long period and across many transactions, whereas a dynamic key is used for a single transaction (or a limited number within a set timeframe) and then replaced.

Multiple dynamic keys, often called limited use keys (LUK), are provisioned at card enrollment. The number of keys provisioned is regulated by the payment network. Each time Samsung Pay is used to make a credit card transaction, one key is consumed. Keys are replenished according to card network replenishment logic that lives both in the card network’s software development kit (SDK) on the device and in the card network backend.

Each card network holds the master key for its card product and uses it to generate a unique derived key (UDK) for each card, which remains unchanged for the lifetime of the card. The device generates the cryptogram with its static or dynamic key; the TSP, acting on behalf of the issuer, computes its own copy of the cryptogram and compares the two. If they match, transaction processing continues; if they do not, the transaction is flagged.

Rules governing tokens and keys

Issuers are responsible for providing the card keys to the TSP. The TSP sets the rules, in accordance with the respective payment network’s specifications, that govern the number of transactions, the value, the channel, and the timeframe within which a key can be used. The details of key management are defined by each payment network and differ between them; typically, the key management function is performed by the TSP or a third party.

For payment networks that mandate dynamic keys, the device must obtain the keys ahead of time. Invisibly to the user, multiple keys are downloaded to the device in a process called “replenishment.” Once the keys are used up or expire, the device must be online (connected to the Internet via Wi-Fi or a wireless carrier) to obtain new keys before further transactions are possible.

As discussed in TEE-based token management, hardware-based secure storage on Samsung devices makes static keys the preferred key type. The trade-off is that a static key’s safety rests entirely on the TEE’s isolation: a single key, if ever extracted, is good for every later transaction until the token is revoked, whereas an extracted LUK batch is used up or expires after a few transactions. Regardless of key type, static or dynamic, both the correct token and a correct key must be present to successfully process a payment.

Domain restrictions ensure the token is used for the intended cases for which it is approved. These restrictions specify the token’s use case, channel, and merchant for each TR. A token is only valid when it originates from the device, channel, merchant, TR, and use case for which it is intended. Token domain restrictions are defined by the TSP during the TR registration process.
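The key hierarchy and verification flow described above (network master key to per-card UDK to limited-use keys, ATC-based replay rejection, replenishment once the LUK batch is exhausted) and the domain restrictions just described, as an added, runnable example. This is illustrative code written for this page, not Samsung Pay, EMVCo, or any card network’s implementation: the real cryptogram algorithm and key derivation functions are network-specific and not described here, so HMAC-SHA256 stands in for both, and every key, DPAN, identifier, and batch size below is constructed.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every key, PAN, identifier and batch size here is constructed for this example.
NETWORK_MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
DPAN = "4111222233334444"             # hypothetical token PAN, not a real account
TOKEN_REQUESTER_ID = "TR-SAMSUNGPAY"  # hypothetical token requester identifier
KEYS_PER_REPLENISHMENT = 3            # real batch size is set by the payment network


def derive_udk(master_key: bytes, dpan: str) -> bytes:
    """Unique derived key for one token. HMAC-SHA256 stands in for the
    network-specific derivation, which the page does not describe."""
    return hmac.new(master_key, b"UDK|" + dpan.encode(), hashlib.sha256).digest()


def derive_luk(udk: bytes, atc: int) -> bytes:
    """One limited-use key per Application Transaction Counter (ATC) value.
    Deriving it from the UDK lets the verifier recompute it instead of storing it."""
    return hmac.new(udk, b"LUK|" + struct.pack(">H", atc), hashlib.sha256).digest()


def compute_cryptogram(luk: bytes, dpan: str, atc: int, timestamp: int, amount: int) -> bytes:
    """Bind token, counter, time and amount together under the LUK (8-byte tag)."""
    msg = f"{dpan}|{atc}|{timestamp}|{amount}".encode()
    return hmac.new(luk, msg, hashlib.sha256).digest()[:8]


@dataclass
class Device:
    """Wallet side: holds the LUK batch delivered at enrollment or replenishment."""
    dpan: str
    luks: Dict[int, bytes] = field(default_factory=dict)
    next_atc: int = 1

    def replenish(self, udk: bytes) -> None:
        # In production the TSP derives the batch and delivers it over the
        # network; the device itself never holds the UDK.
        for atc in range(self.next_atc, self.next_atc + KEYS_PER_REPLENISHMENT):
            self.luks[atc] = derive_luk(udk, atc)

    def pay(self, timestamp: int, amount: int, channel: str) -> Optional[dict]:
        # Each transaction consumes exactly one LUK. None means the batch is
        # exhausted and the device must go online to replenish first.
        luk = self.luks.pop(self.next_atc, None)
        if luk is None:
            return None
        atc, self.next_atc = self.next_atc, self.next_atc + 1
        return {"dpan": self.dpan, "atc": atc, "timestamp": timestamp, "amount": amount,
                "channel": channel, "tr_id": TOKEN_REQUESTER_ID,
                "cryptogram": compute_cryptogram(luk, self.dpan, atc, timestamp, amount)}


@dataclass
class TokenVault:
    """TSP side: per-token UDK, highest ATC accepted so far, and domain restrictions."""
    udk: bytes
    allowed_channel: str
    allowed_tr_id: str
    last_atc: int = 0

    def verify(self, msg: dict) -> str:
        # 1. Domain restrictions: right channel and right token requester.
        if msg["channel"] != self.allowed_channel or msg["tr_id"] != self.allowed_tr_id:
            return "declined: domain restriction"
        # 2. Replay: the ATC must move strictly forward.
        if msg["atc"] <= self.last_atc:
            return "declined: replay (ATC not increasing)"
        # 3. Recompute LUK and cryptogram from the UDK; compare in constant time.
        luk = derive_luk(self.udk, msg["atc"])
        expected = compute_cryptogram(luk, msg["dpan"], msg["atc"], msg["timestamp"], msg["amount"])
        if not hmac.compare_digest(expected, msg["cryptogram"]):
            return "declined: cryptogram mismatch"
        self.last_atc = msg["atc"]   # advance only after a successful check
        return "approved"


def run_scenario() -> List[str]:
    """Walk one token through approval, replay, tampering, wrong domain and replenishment."""
    udk = derive_udk(NETWORK_MASTER_KEY, DPAN)
    device = Device(DPAN)
    device.replenish(udk)                                 # keys provisioned at enrollment
    vault = TokenVault(udk, allowed_channel="NFC", allowed_tr_id=TOKEN_REQUESTER_ID)
    results = []
    first = device.pay(timestamp=1_700_000_000, amount=1299, channel="NFC")
    results.append(vault.verify(first))                   # approved
    results.append(vault.verify(first))                   # captured and resent: replay
    second = device.pay(timestamp=1_700_000_060, amount=4500, channel="NFC")
    results.append(vault.verify(dict(second, amount=1)))  # amount altered in transit
    results.append(vault.verify(second))                  # untouched original still approved
    third = device.pay(timestamp=1_700_000_120, amount=999, channel="ECOM")
    results.append(vault.verify(third))                   # NFC-only token used for e-commerce
    if device.pay(timestamp=1_700_000_180, amount=500, channel="NFC") is None:
        results.append("replenish required")              # batch of 3 exhausted
        device.replenish(udk)                             # device goes online for new LUKs
    fourth = device.pay(timestamp=1_700_000_240, amount=500, channel="NFC")
    results.append(vault.verify(fourth))                  # approved with a fresh LUK
    return results


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

Two design points worth noting. The vault never stores LUKs; it recomputes each one from the UDK and the ATC carried in the message, which is why the counter must be part of the cryptogram input and must only advance after a successful check (a tampered message must not burn the counter for the genuine one behind it). On the device side a declined transaction still consumes a LUK, so the batch runs out after three attempts regardless of outcome, and the device has to go online before it can pay again, which is the replenishment behaviour the text describes.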

Identification and Verification (ID&V) and token assurance

In addition to supporting the card issuer’s authorization decision, the token assurance level indicates to merchants, acquirers, and processors the current degree of confidence in the binding between the payment token, the PAN, the cardholder, and the device. It is determined by the outcome of the ID&V steps conducted at the time the token is issued. An issuer’s chosen ID&V methods can range from no ID&V at all to a combination of user-supplied data (such as billing address, device ID, and location) and verification over various channels: 3-D Secure login, mobile banking, federated login, and one-time password (OTP). OTP is the most common ID&V channel. Samsung Pay currently supports OTP via SMS and email, call center, and app-to-app channels.

Figure 2. Card Enrollment and Payment Workflows