Dan Fisher
Dan Fisher

With over 35 years in the financial industry, Dan M. Fisher has proven himself as a leader in the financial industry holding roles as the former director of the Federal Reserve Bank of Minneapolis and former Chairman of the ABA Payment Committee.

3 questions about tokens your bank should be asking

Credit and debit card fraud prevention are obviously a top priority with financial institutions today—particularly when the occurrence of data breaches at retailers are increasing by the day. This is unfortunate, but it is a result of a flawed system of weak security and a lack of accountability. The times they are a’changing, however, and the card is evolving.  EMV, the chip-and-pin technology, has been deployed through credit cards and soon in 2015 debit cards will follow. This technology will most certainly reduce card present fraud at the point of sale. It is a significant improvement over the mag-stripe technology common today.  Next is the token technology that will significantly reduce card not present fraud such as phone or internet purchases. Also known as “host card emulation,” in this technology a card user signs up for a token to be used with a particular retailer.  The token exists in the form of a bar code, QR code, or an embedded code within a smartphone specific app (i.e. Apple Pay). This code or token is used to emulate the card, but the card information is masked in a secure “vault.” Nobody can see the card information, only the token.

And the token can only be used for the merchant or service it is assigned to. If the phone or token is lost or stolen, it quickly becomes useless by turning off the token, not the card.

Security is increased and cards do not need to be reissued—but there is an important twist.

The uber important question

Who owns the token?

That’s right!

Who owns the token?

In most cases, but not all, the issuer, the financial institution, owns the BIN (Bank Identification Number) and the PIN keys. And if you plan things right, if your institution decides to switch processors, you may not have to re-issue cards.

But what happens if you have customers who use tokens?

What if you want to change processors? Will your customers lose their token and have to re-enroll?

This can be just as inconvenient to the customer as a card reissue. Not a good thing!

Ask three key questions

Yes, tokens will reduce card not present fraud and increase customer confidence. But here are three questions your institution should ask before you jump into the token space:

1. Who owns the token?

The right answer should be the issuer (your financial institution).

2. Can the vault the token is deposited in be designated or selected by the issuer?

The right answer should be the issuer (your financial institution).

3. Can the location of the token be changed if the issuer decides to change processors?

The right answer should be yes. Your institution should have the right to take the tokens with you.

Don’t execute a contract addendum before you receive the right answer, issuer!

Failure to control and protect your token rights is similar to allowing someone else to control or own your BIN!

It’s Uber important.

—The Wombat!

get a free EFT review for interchange income
Dan Fisher
Dan Fisher

With over 35 years in the financial industry, Dan M. Fisher has proven himself as a leader in the financial industry holding roles as the former director of the Federal Reserve Bank of Minneapolis and former Chairman of the ABA Payment Committee.

Related posts

Leave a Reply

avatar
  Subscribe  
Notify of

Join The Mailing List

The Copper River Group is a financial consulting firm that believes in the benefits technological advancement has for streamlining business.

  • This field is for validation purposes and should be left unchanged.
cea
cio