Digital world of Payment Wallets and Tokenization
We all have used credit cards and Digital payment wallets. However, nowadays carrying a credit card or debit card seems to be a burden. The technology is very rapidly moving towards digital payment wallets e.g. Apple Pay, Samsung Pay and Google Pay etc. These wallets provide the liberty of not carrying a physical card and transaction can still be done at ease. It also provides an additional layer of security as the digital payment system passes the Virtual Card Number (Token) instead of actual Card number. Following important stake holding parties are involved in the digitization process:
- Digital Payment Wallet (Samsung Pay, Apple Pay, Google Pay)
- Schemes/ Association
- Token Service Provider (TSP)/ Token Vault
The digitization process of the cards consists of three main stages,
- Provisioning and IDV (Identity and Verification),
- Transaction Processing
- Token Life Cycle Management.
1) Provisioning: In this process, a customer enrols with a digital payment service provider by providing card details such as Card No, Card Expiry, Security Code, etc. The digital payment service provider requests a token from the TSP.Once the token is assigned to enrolled account or customer, the token service provider sends the token details to the digital payment service provider and replaces the Card No details with the token details and the same is used for online and NFC payment. The provisioning process is further sub-divided in to three steps
- Eligibility criteria check
- Approval of the Provisioning process
- Cardholder Step Up Validation
At first, the token service provider checks the eligibility of the cardholder with the issuer. Based upon the eligibility criteria checked in first step, TSP would take appropriate action, e.g. approve, decline, or step-up, based on attributes to provision the token. In the last step, the TSP allows the issuer to provide the supported methods of cardholder step up Authentication such as OTP validation.
2)Transaction Processing: For the transaction processing the customers, do not require its physical card. They can tap their mobile that is registered with payment wallet, to the NFC enabled POS terminal . It then processes the authorization and appropriate action will be taken care based upon the account eligibility. The transaction flow can be visualized as:
- A Customer initiates the purchase by tapping their mobile at an NFC enabled terminal
- The merchant sends the Token instead of Card No to the Acquirer
- Acquirer passes the token to the respective association such as VISA
- Association send the token details to TSP and retrieve the Card No details and then send both the details to the issuer
- Issuer approve/decline the transaction based upon the Card No eligibility and send the response along with Card No and token details
- Association sends the response along with the token details to the Acquirer and the same is passed on to the Merchant.
Clearing Process for Merchant: The clearing process include token details in the clearing file. It consists of a few steps:
- The merchant submits the capture file to Acquirer with token details
- Acquirer prepare the clearing file with the token details and send the same to the association
- Association / Token service provider fetch the respective card details and send along with the token details to the Issuer
- Issuer process the clearing file with both Card details and token details and send the acknowledge with Card No and token details.
3)Token Life Cycle Management: Apart from provisioning and transaction, the token service provider takes care of Token Life Cycle Management. There are 3 more sub-stages in the Token Life cycle apart from an Active token:
- Suspend Token: Whenever a payment wallet user lost its device, one need not worry. One simple phone call to the customer care can save them the headache of misuse of his payment wallet. Once the payment wallet user calls the customer care (Issuer) they raise a token suspension request to the TSP to update the token status to “Suspend”. Post updating the status the same is notified to Issuer as well. Issuer acknowledges the change TSP and TSP confirms the same to the digital wallet. Once Token is suspended the customer can not do the transaction till the token is resumed.
- Resume Token: There can be situations where the Cardholder finds his lost device or wants to resume the same token, In these scenarios also just by dialing the customer support the token can be resumed. The process flow is the same as Token Suspension. Issuer will raise the token resume request to TSP and the same is informed to Issuer as well. Post the token resumption confirmation the Cardholder can continue using same wallet once again without too much of hassle.
- Deactivate Token: Conditions where Customer does not want to continue with the payment wallet or their card or Device is permanently damaged the existing token needs to be deleted or deactivated. Even the deleting of the token or payment wallet is also very easy for the customer. They just need to raise a request to the Customer care or through device itself to deactivate or delete the token. The issuer or Wallet partner will raise to TSP. They deactivate or delete the token and the same is notified to Issuer as well. Issuer acknowledges the change TSP confirms the same to the digital wallet.
In Summary the usage of digital wallet very easy way of transacting, as it allows the customer for a cardless transaction. It also provides an extra layer of security. The tokenisation helps by way of a virtual Card Number, which keep away the original card details from the Acquirer. The original card details are only exposed to Schemes and Issuer. The life cycle management of tokens gives the privilege to activate, de-activate or resume the token services when needed and controllable at customers fingertip.