How fintech tokenization empowers users and drives innovation (VB On-Demand)
Presented by Envestnet | Yodlee
Account tokens are a highly secure way to retrieve, verify, manage, and store financial data. In this on-demand webinar, learn how these tokens help payment processors prevent financial fraud, mitigate transactional risk, simplify data sharing, and more.
Watch for free on demand!
Returns, breaches, fraud and account takeovers are a growing problem. When a type of payment is compromised - whether cards to cardless payment rails or fiat to non-fiat payment apps - it not only costs the entire ecosystem, but also disrupts consumer experience and business operations. As a result, tokenization has become a form of protection that eliminates much of the hassle when a transaction is compromised.
Jeff Williams, SVP of Product Development at The Clearing House (TCH) and Ginny Chappell, EVP, Product and Marketing at Moov Financial have joined Lloyd Fernandes, VP of Product Management at Envestnet | Yodlee to explain how tokenization is transforming both data security and customer service in the world of financial services.
Tokens have dominated the card world, but the technology is becoming more prevalent in the banking world, as a way to add a more effective layer of data security to bank or bank accounts, especially as more and more accounts are distributed to third parties to be used for payments. Encryption only secures data at rest; at some point this needs to be decrypted to be used to make a payment and go through all the hops of the payment flow. And depending on the use case, there are multiple hops in that payment flow where the data is exposed.
For tokenization, a token service provider (TSP) provides a service that accepts sensitive data, such as PAN (the 16-digit account number on a card) or bank account, or personal information identifiable (PII) input. It then generates a substitute value, or token, as output. Sensitive data and the token itself are then stored in a token vault at the TSP.
A merchant or independent software vendor (ISV) can store the token in their environment without worrying about exposing the underlying sensitive PII data. Banks can simply deactivate and retokenize in case of fraud without the inconvenience and hassle of closing and reopening an account. Plus, it simplifies complex account verification processes, eliminates the need to store sensitive financial account information, and more.
Account tokens look and are formatted like a real account, with a routing number associated with them and an account number generated from the token service provider's vault, which is unique to the tokens and each bank. Thanks to this, token transactions are transparent and flow seamlessly through the network, whether it is a fintech application, a legal entity or a biller.
Account tokenization provides an additional layer of protection at rest, by encrypting the actual account. But in transit, while this token is circulating in the system, it is not a real account. If a hack or breach occurs at any hop in the payment flow when used on any of the network rails, it is useless and cannot be used by an unauthorized party.
Fintechs, billers, apps and other third parties may have their own unique token. If a bank recognizes there is fraud, or if they no longer want to do business with a certain app or fintech or biller or entity, they can deactivate that individual token, without disrupting the entire banking industry. payments by blocking an account as a whole. This provides very granular security mechanisms for banks to manage their financial data as it is released to market, and eliminates the myriad costs of account management.
“It costs a bank over $200 to close and reopen or reissue an account that has been compromised,” Williams said. “Then think about all the different places where this account exists. If you have to reopen an account and close the old one for the client and find all the places where the old one existed, it's painful and expensive. The beauty of the token is that you request it directly from a vault. This vault knows exactly where those tokens are distributed for that account, which is useful in any type of fraud situation. »
For the full panel discussion with industry experts on the multiple benefits of tokenization, from how it empowers users to how it drives innovation, watch this VB On-Demand event now.
Stream on demand here!
Presented by Envestnet | Yodlee
Account tokens are a highly secure way to retrieve, verify, manage, and store financial data. In this on-demand webinar, learn how these tokens help payment processors prevent financial fraud, mitigate transactional risk, simplify data sharing, and more.
Watch for free on demand!
Returns, breaches, fraud and account takeovers are a growing problem. When a type of payment is compromised - whether cards to cardless payment rails or fiat to non-fiat payment apps - it not only costs the entire ecosystem, but also disrupts consumer experience and business operations. As a result, tokenization has become a form of protection that eliminates much of the hassle when a transaction is compromised.
Jeff Williams, SVP of Product Development at The Clearing House (TCH) and Ginny Chappell, EVP, Product and Marketing at Moov Financial have joined Lloyd Fernandes, VP of Product Management at Envestnet | Yodlee to explain how tokenization is transforming both data security and customer service in the world of financial services.
Tokens have dominated the card world, but the technology is becoming more prevalent in the banking world, as a way to add a more effective layer of data security to bank or bank accounts, especially as more and more accounts are distributed to third parties to be used for payments. Encryption only secures data at rest; at some point this needs to be decrypted to be used to make a payment and go through all the hops of the payment flow. And depending on the use case, there are multiple hops in that payment flow where the data is exposed.
For tokenization, a token service provider (TSP) provides a service that accepts sensitive data, such as PAN (the 16-digit account number on a card) or bank account, or personal information identifiable (PII) input. It then generates a substitute value, or token, as output. Sensitive data and the token itself are then stored in a token vault at the TSP.
A merchant or independent software vendor (ISV) can store the token in their environment without worrying about exposing the underlying sensitive PII data. Banks can simply deactivate and retokenize in case of fraud without the inconvenience and hassle of closing and reopening an account. Plus, it simplifies complex account verification processes, eliminates the need to store sensitive financial account information, and more.
Account tokens look and are formatted like a real account, with a routing number associated with them and an account number generated from the token service provider's vault, which is unique to the tokens and each bank. Thanks to this, token transactions are transparent and flow seamlessly through the network, whether it is a fintech application, a legal entity or a biller.
Account tokenization provides an additional layer of protection at rest, by encrypting the actual account. But in transit, while this token is circulating in the system, it is not a real account. If a hack or breach occurs at any hop in the payment flow when used on any of the network rails, it is useless and cannot be used by an unauthorized party.
Fintechs, billers, apps and other third parties may have their own unique token. If a bank recognizes there is fraud, or if they no longer want to do business with a certain app or fintech or biller or entity, they can deactivate that individual token, without disrupting the entire banking industry. payments by blocking an account as a whole. This provides very granular security mechanisms for banks to manage their financial data as it is released to market, and eliminates the myriad costs of account management.
“It costs a bank over $200 to close and reopen or reissue an account that has been compromised,” Williams said. “Then think about all the different places where this account exists. If you have to reopen an account and close the old one for the client and find all the places where the old one existed, it's painful and expensive. The beauty of the token is that you request it directly from a vault. This vault knows exactly where those tokens are distributed for that account, which is useful in any type of fraud situation. »
For the full panel discussion with industry experts on the multiple benefits of tokenization, from how it empowers users to how it drives innovation, watch this VB On-Demand event now.
Stream on demand here!
What's Your Reaction?
