Tokenisation in Mobile Payment

The number of people making payment with their mobile device continues to rise and as such, greater protection against counterfeiting, fraud and identity theft is fundamental.

Enhanced security in mobile payment

One recent development in mobile payment security has been the introduction of tokenisation. Tokenisation replaces the 16-digit primary account number (PAN) on a credit or debit card with a substitute value, referred to as a token. This token is used in purchases, meaning the card holder’s sensitive information is not exposed. If a token is captured, it has limited value, greatly reducing the risk of fraud.

Tokenisation provides greater security by using domain restrictions. For example – if a token is issued to be used in an NFC mobile device, it can only be used in that particular channel and only from that particular device. Tokens can also be deactivated remotely, so if a mobile device is lost or stolen, the token stored within the device can be deactivated by the user with no impact of the original credit or debit card.

There are two main technology approaches to tokenisation when it comes to mobile contactless payments: Host Card Emulation (HCE) and SIM Secure Element (SE) based tokenisation. The key difference between the two approaches is where the tokens are stored.

  • Host Card Emulation (HCE)
    HCE payment applications handling the tokens reside in the handset host or cloud and features single or limited-use tokens, device fingerprinting and transaction risk analysis. The security of an HCE solution is dependent on managed risk at the device and the payment system being ‘always online’ as the download of limited-use data ahead of a transaction requires connectivity.
  • SIM Secure Element (SE)
    The SIM Secure Element is a tamper-resistant hardware component that stores the payment application and tokenised payment data. It offers the same bank-grade security as integrated-chip payment cards. The tokens stored in a SIM Secure Element are multi-use tokens that are provisioned upon registering for the service and used for transactions throughout the lifetime of the payment product.

For further information, GSMA members can download the GSMA SIM – Based Tokenisation Deployment Guidelines from InfoCentre2. Alternatively, you can download the GSMA SIM – Based Tokenisation Service Solution Brief.

A Technical Case Study: Tokenisation in France and Poland
This case study gives an account of the business and technical requirements that informed Orange and T-Mobile Poland’s decisions around the design and that interested parties could consult as a reference if they chose to implement a SIM-based tokenisation service.

The paper also demonstrates a technical infrastructure that can be used to deploy a SIM-based tokenisation service in the French and Polish markets and the use cases driving the design of that infrastructure. The document also provides low-level technical details such as use case messaging flows and Application Programming Interface (API) implementation examples.

The aim is to provide practical insight and a point of reference for operators and other ecosystem players involved in planning and implementing SIM-based tokenisation services.

Download: SIM-Based Tokenisation Technical Case Study – France and Poland

Posts and all the Pages right widget
Live Projects

Vodafone Partners with PayPal... LONDON — PayPal and Vodafone have agreed to enable cus...

Read more

Gemalto, Orange, RATP and SNCF... Paris, Thursday, 3 December 2015 – Heads of four leading p...

Read more

GSMA COMMENDS ALLOCATION OF AD... Geneva: John Giusti, Chief Regulatory Officer, GSMA, commen...

Read more

Orange launch SIM centric NFC ... Malaga City Council, EMT Málaga and Orange have collaborate...

Read more

Orange Cash launched nationwid... Following a successful initial launch in Caen, Lille, Nice, ...

Read more

HKT launches Tap & Go mob... Hong Kong Telecommunications (HKT) has launched a SIM-based ...

Read more

NZ’s Semble adds public ... New Zealand’s contactless mobile wallet Semble is now avai...

Read more

Canadian mobile operators welc... Suretap, a leading Canadian open mobile wallet technology, h...

Read more

Changes in digital will mean changes in society. More from #Money2020 event #DigitalCommerce

See this tweet
Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.