Smart Tokens - A Carta Worldwide White Paper

Page 1

SMART TOKENS How Programmable Payments Will Revolutionize the Mobile Wallet Value-added services and enhanced user experience are poised to push digital payments over the tipping point A Carta Worldwide white paper

SMART TOKENS - A Carta Worldwide white paper

PAGE 1


TABLE OF CONTENTS Introduction

3

The Road to Tokenization

4

The Challenging Promise of Value-Added Services

5

VAS, Saved By the Smart Token

6

Unlocking the Potential of VAS

7

Benefits for Banks and Payment Providers (digital wallets)

8

The Future of Smart Tokens

9

Conclusion

9

Appendix

SMART TOKENS - A Carta Worldwide white paper

10

PAGE 2


<< BACK TO CONTENTS

INTRODUCTION This paper examines how the latest technological advances in tokenization will make it possible to leverage existing payments infrastructure to support value-added services in mobile payments and overcome scalability challenges these services have faced until now. These advances address the biggest barrier to reaching critical mass in mobile and digital payments: lack of perceived value to the end consumer. While early efforts in digital payments focused solely on moving payments from plastic to mobile, they failed to convince consumers to make the switch. New capabilities for value-added services (VAS) are paving the way for an exciting future of new payment use-cases. First generation tokenization was about improving the distribution of mobile payments by simplifying the technical and commercial complexity of the ecosystem. At the same time, tokenization added a critical layer of security to mobile transactions by replacing the sensitive Primary Account Number (PAN) with a token of no intrinsic value. By now this model of tokenization is used by all the “OEM-pays”—Apple Pay, Samsung Pay, Android Pay, etc.—as well the large and growing number of bank-issued mobile payment solutions that use HCE. This, along with the ubiquity of the digital wallet have created a robust foundation for mobile payments to take off at a larger scale. Just as Near Field Communication (NFC) has become the de facto standard for proximity point-ofsale mobile payments, tokenization is now the standard across the industry to support all digital payments and safeguard the underlying payment credentials.

SMART TOKENS - A Carta Worldwide white paper

It has paved the path for a second generation—the Smart Token—which uses logic and code to add intelligence to the transaction, adding capabilities that go far beyond security. Smart Tokens enable programmable payments: it is possible to define a set of parameters specifying where, when, for what and by whom a particular transaction should be authorized. And, as we will unfold, the arrival of programmable payments is poised to bust open the treasure chest of value-added services (VAS) for the benefit of consumers, merchants, and issuers. Imagine the convergence of real-time in-app services with everyday payment activities, where personalized and contextual factors can drive enhanced transactions in the digital and the in-store environment. Example use cases include instant issuance of retail credit, targeted offer, and a wide range of consumer and corporate use cases. As broader technology trends including social and conversational services along with AI and Machine Learning, the opportunity to deliver enhanced and value added experiences through programmable payments is endless. The potential is vast. (See page 9 for a list of opportunities Smart Tokens can touch) Smart Tokens are poised to take off. This paper unfolds how we got here, examines the shape this new solution will take, laying out new ways of looking at tokenization, and proposes ways Smart Tokens could revolutionize how we approach, not only payments, but any transaction.

PAGE 3


<< BACK TO CONTENTS

THE ROAD TO TOKENIZATION The vast majority of payments continue to be made in a “face-to-face” setting, and as a result, it is critical to consider this within an assessment of mass adoption and delivery of value-add digital payments. In that context, the ability to leverage the existing infrastructure or payment “rails” that are in place today represent the first step towards delivering any evolution in payment user experience. The first forays into mobile payments were based on leveraging the established payment networks and POS devices, utilizing NFC. Because they used NFC, the first generations of mobile contactless payments introduced dependency on a Secure Element (SE) to safely store payments credentials. While the various SE solutions shared the advantage of being able to tap into existing acceptance infrastructure, they also had some barriers: the SE was dependent on hardware that had to be physically in a mobile phone—it was costly and inflexible, but more significantly, it raised the question of who controls access to that piece of hardware. In 2012, Canadian OEM, RIM, challenged the hardware paradigm when it introduced “Virtual Target Emulation” on their Blackberry platform. The Spanish bank Bankinter first applied this technology to mobile payments, and in 20131 introduced the first EMVcompliant (not EMV-compliant at the time)

transaction without the use of a hardware secure element—a “Secure Element in the Cloud.” This new solution swapped a nonsensitive “token” for sensitive payment data. When users initiated a payment from a phone, a limited-use token was downloaded. They then had 60 seconds to conclude the payment before the token expired. A couple months later, Google announced that this type of technology—now known as “Host Card Emulation” (HCE)—would be part of the Android OS upgrade to version 4.4 (nicknamed “KitKat”). Not long after, in spring 2014, Visa and MasterCard publicly stated that they would formally support HCE. In 2014, EMVCo—the association that maintains the technical standards of the card payment industry—published their specifications for tokenization, which is already on the path to becoming the main payment tokenization standard going forward. EMVCo defines tokenization as: “A process by which the Primary Account Number (PAN) is replaced with a surrogate value called a Payment Token. Tokenization may be undertaken to enhance transaction efficiency, improve transaction security, increase service transparency, or to provide a method for thirdparty enablement.”2 >>

H O W D O E S A T O K E N I Z E D T R A N S AC T I O N W O R K ?

1

When paying - either via online purchase or tap-to-pay - the token goes to the Merchant

CUSTOMER

2

The Merchant passes the token along to their Merchant Acquirer

MERCHANT

1. SE in the Cloud: Bankinter Solution for Mobile Contactless Payments: http://www.mobeyforum. org/821/ 2. http://www.emvco.com/ specifications.aspx?id=263 p. 19

SMART TOKENS - A Carta Worldwide white paper

3

The Merchant Acquirer passes the token to the Network

ACQUIRER

4

Token vault matches token with customer PAN

NETWORK

7

5

Detokenization process routes authorizations to bank based on PAN

TSP/TOKEN VAULT

The authorization is passed to the Network and proceeds back to the Merchant Acquirer and to the Merchant

6

BANK

The Bank verifies funds and authorizes the transaction

PAGE 4


<< BACK TO CONTENTS

In their specification, EMVCo explains the benefits tokenization offers to all parties in the payment ecosystem: “Card Issuers and Cardholders may benefit from new and more secure ways to pay, improved transaction approval levels, and reduced risk of subsequent fraud in the event of a data breach in which Payment Tokens are exposed instead of PANs.” “Acquirers and Merchants may experience a reduced threat of online attacks and data breaches, as Payment Token databases will be less appealing targets given their limitation to a specific domain. Acquirers and Merchants may also benefit from the higher assurance levels that Payment Tokens offer.” “Payment processing networks will be able to adopt an open specification that facilitates interoperability and helps reduce data protection requirements for the Payment Network and its participants.”3 In 2014 Apple Pay was the first to fully implement EMVco tokens for point-of-sale mobile contactless payments. Two years later Apple introduced token-based e-commerce payments in apps. But despite this momentum, even Apple has struggled to convince users to ditch plastic cards for Apple Pay. The industry has every viable solution for payment acceptance and distribution. With mobile standards and tokenization in place, we have all the elements to deploy mobile payments at mass scale—but it hasn’t happened yet. 3. http://www.emvco.com/ specifications.aspx?id=263 p. 9

Why? There is no clear incentive for consumers to break their existing habit—there are no value-added services (VAS), just one more way to pay.

SMART TOKENS - A Carta Worldwide white paper

Without VAS, the barrier of adopting a new behaviour is just too much for most users to overcome—no matter how simple the new behaviour may seem. It’s time to look at creating real incentives. Mobile wallets have begun to bring loyalty, rewards and couponing into convenient proximity of our daily payments—there is no card to misplace or to overstuff a physical wallet. But with Smart Tokenization, for the first time, loyalty and rewards can be built right into the transaction itself. In fact, every transaction can come with any number of preprogrammed parameters that could eventually make digital wallets feel like an indispensable part of our day-to-day. THE CHALLENGING PROMISE OF VALUEADDED SERVICES For a time it seemed that every article, workshop and webinar on mobile payments focused on anything but payments. It was widely understood that payments wouldn’t be enough to gain traction with consumers. The full suite of services that would accompany payments on mobile devices were what really resonated. When Google announced its support of HCE in 2013, it came with the promise of exciting new functionality—not just payments, but loyalty, rewards, access and transit—all intended to make mobile wallets attractive and drive user adoption. But in the excitement around finally having a possible solution for mobile payments and the complexity of actually rolling out tokenization standards, VAS got all but totally lost. As a result the industry failed to introduce common standards for these other services and hasn’t realized their full potential. There have been some notable successful rollouts. Take Starbucks’ Rewards program. Customers earn stars for every dollar they spend in-store, online and in participating>> PAGE 5


<< BACK TO CONTENTS

grocery stores that add up to free coffees, special promotions, birthday treats and free refills. And customers love it. In the first quarter of 2016 Starbucks had $1.2 billion in customer funds loaded onto Starbucks Rewards.4 The program has 12 million members worldwide. They are doing something right— namely incentivizing habitual use. But to implement such a program universally would require building an integration to every point of sale in the world. With Starbucks as a model, the industry needs to look at implementing an equally compelling offering that can scale—online and in-store—that overcomes the limitations of merchant and POS customization. Smart Tokenization is poised to be the solution.

They need to be contextual—drawing on data about a user’s location and daily habits. They need to be social—integrating conversation, sharing and targeting through the channels consumers already use, including chat, social networks, and peer to peer. The need to be intelligent—leveraging user behaviour data and predictive analytics to target the right service to users, including usage of artificial intelligence and machine learning. A smart approach to digital payments needs to be all these things, yet not require a completely new processing infrastructure. The solution is to find a way to bridge new approaches with legacy infrastructure. That is precisely the role of Smart Tokens.

VAS SAVED BY THE SMART TOKEN For mobile payments to succeed, they can’t just be digital versions of the physical card payment experience. Banks and payment providers need to start, not with the card, but by thinking about the entire digital user experience.

Smart Tokenization is revolutionary in that it uses existing payment infrastructure but allows for an enhanced user experience—delivering actual value instead of just providing a new method of transaction.

Industry leadership group Mobey Forum positions it this way: “...unless mobile payments are tightly bound into the fabric of daily life, mass take-up is unlikely. With this in mind, the introduction of highly targeted VAS that are designed to appeal to specific customer segments is likely to entice that pool of customers to adopt the mobile payments facility.”5 This means starting with customer needs and wants, and developing a digital product that serves a distinct need first, rather than

replicating what’s always been done. Products that thrive in the digital space need to have three key components:

At its core, a Smart Token is a credential with programmable properties that allow the dynamic application of value, based on specified use cases. Where a traditional token has a static value, linked to a single underlying account/ PAN (much like a poker chip or a voucher, in analogue terms), Smart Tokens can be generated on-demand based on configurable drivers. Then they can be assigned parameters that dictate where, when and/or how the token can be used.>>

S M A R T T O K E N F LO W

MERCHANT OFFERS/LOYALTY

ALTERNATIVE FIN. SERVICE PROVIDERS

ACQUIRER

NETWORK

4. http://www.businessinsider. com/starbucks-loyaltyprogram-now-holds-more-money-than-somebanks-2016-6 5. Mobey Forum: Game of Phones, 2016, p. 14

SMART TOKENS - A Carta Worldwide white paper

TSP

DIGITAL SERVICE PROVIDERS

SMART TOKEN “ENGINE”

ENABLE FURTHER SERVICES 3RD PARTY DEVELOPERS

PAGE 6


<< BACK TO CONTENTS

Smart Tokens are designed to deliver advanced functionality, intelligence, and value to the user experience. And because the rulesbased authentication occurs on the back end, Smart Token are interoperable with existing ecosystems and acceptance infrastructures— you might say the solution is “agnostic.” Because they are dynamic, programmable, interoperable, and agnostic, they are highly flexible and can represent any value possible (monetary or otherwise) in a digital transaction. UNLOCKING THE POTENTIAL OF VAS Smart Tokens are ready to enter the market and finally unlock the promise of VAS. But just what is possible? Traditionally fragmentation has been the primary challenge to delivering VAS at scale — this comes in the form of proprietary systems and a general lack of consistency. As mentioned, a significant barrier has been the complexity of integration, and accommodating the technology behind POS terminals. While the ecosystem of payments is supported by schemes, organizations, common standards and certification regimes, none of this exists in relation to VAS. Only when the market establishes a consistent and persuasive way to deliver services like gift card programs, loyalty offers, coupons, and the like, will users and merchants see the value, and then propel these services to a critical mass. Smart Tokens are the answer. Not only do they open up a world of programmable payments. They smooth the path to VAS by eliminating the complexity of integration and offering a faster, simpler way to implement, maintain and further develop services. These new programs can be deployed at scale, without the need for any

upgrades to POS systems. They add altogether new use cases that were never previously possible, like instant credit, realtime lending, and convergence of online or app experiences with in-store retail payments. Giles Sutherland from Carta Worldwide explains:

“What is elegant about the Smart Token solution is that you don’t have to worry about how you deploy it. You take what is already existing in the market and leverage that. You thereby actually reduce the complexity of the ecosystem rather than adding to it—as most solutions have done so far. It becomes so simple to deploy something like this, and it doesn’t require heavy input or buy-in from all the different stakeholders in the ecosystem. It can be deployed seamlessly in the market without a huge number of upgrades to existing systems. This allows stakeholders to focus their resources on the actual services rather than the infrastructure needed to support them.” Smart Tokens can be used to support merchant rewards or offers, and function within existing mobile wallets and NFC infrastructure. And POS terminals can handle the tokens just like a token for a PAN. When considering the sheer volume of transactions that still take place face-to-face and in-store, this is no small deal. In-app and commerce purchases are steadily growing, but the vast majority of purchases depend on existing POS infrastructure. It opens up endless realtime interactions for businesses and consumers. If a consumer opts into an offer, they could be pushed a token that is good for a certain category of goods, certain times of the day, a certain location or a certain dollar amount. Merchants suddenly have the ability to create instant, and contextual user experiences in the midst of real-world payment activities. They can go a step further in parameterizing tokens, building on the value they get from mobile payments—using consumer data to create more efficient campaigns and more accurately targeted customer segments, or to enhance the value of loyalty programs, and converge the ecommerce and in-store experiences.>>

SMART TOKENS - A Carta Worldwide white paper

PAGE 7


<< BACK TO CONTENTS

BENEFITS FOR BANKS AND PAYMENT PROVIDERS (DIGITAL WALLETS) Merchants and consumers aren’t the only ones who benefit from Smart Tokenization. Wallet providers—be it a bank, neo-banking/banklite product or an OEM—suddenly have solid ground on which to build new business cases. Smart Tokens open up new avenues for more regular, intimate relationships with customers— offering an alternative method of accessing a broad range of targeted services like instant card-linked offers or real-time financing of big ticket retail goods. Giles Sutherland explains:

“Wallet and payment service providers will win from this because they can create more targeted loyalty programs and thereby get more from their invested dollar. They will have more intimacy with their customers, and they will be able to track what is happening with their loyalty programs—then use that data to continually improve and focus marketing initiatives. Not only will they have more effective campaigns, they’ll finally be able to see a big return on their digital wallet investments.” Historically the payments market has been fragmented with multiple stand-alone solutions serving stand-alone use cases. Currently, each bank or payment provider has a limited number of touchpoints with each customer. A single customer may have one or two accounts with a particular bank, and interactions are limited to fairly standard payments. However, in the same physical wallet next to that bank’s debit card and credit card, a consumer may also have a drugstore loyalty card, a flight points card, a gas station credit card, and a coffee shop gift card. We are unlikely to see an overall convergence of all this—consumers will still use multiple solutions for different use cases—but Smart Tokenization ultimately links all these solutions to an individual’s digital wallet, and therefore their bank account. Rather than a fragmentation scenario, banks can benefit from a proliferation scenario.

SMART TOKENS - A Carta Worldwide white paper

An existing credit card may have a simple points program attached. But imagine what’s possible when that card becomes a holistic product that targets various aspects of the user’s life, incorporating the function of all their loyalty and rewards cards. The layer of abstraction added in Smart Tokenization lets banks increase the quality of their loyalty solutions. Where loyalty has historically been linked to an anonymous plastic membership card, it can now link to a real person and all their spending habits. In the process, Smart Tokenization gathers data that forms an identity around the customer. That data, in the hands of banks benefits consumers—most of whom would prefer not to spread their money across various standalone and prepaid solutions—giving them a consolidated overview of their finances. Imagine a single dashboard of the consumer’s accounts, along with his or her loyalty affiliations—regardless of what payments instruments and solutions they are linked to. The consumer wants a feeling of control, and this is exactly what Smart Tokenization can facilitate and accelerate. By now—with a proliferation of highly-focused digital financial services—most banks have missed the opportunity to use digital as a unique selling proposition. From a competitive perspective, Smart Tokenization gives them a fresh chance to differentiate themselves in the current market landscape—where many have ceded the front-end user experience to digital wallets like Apple Pay or Android Pay—while still using the underlying infrastructure from global payment networks. It’s time for banks and payment providers to focus on a holistic way of thinking, and bring it to the digital space. It’s time to add real value to users’ card accounts and their mobile wallets. The winning banks will be the ones that take an active, progressive approach, remembering that their products should be contextual, intelligent and social while offering real value to the user. >>

PAGE 8


<< BACK TO CONTENTS

EXAMPLES OF VALUE ADDED SERVICES POWERED BY SMART TOKENS Below is an overview of types of value added services Smart Tokenization may play a part in: Information services E-receipts Analytics – e.g. Personal Finance Management (PFM) M-Commerce Coupons and vouchers Targeted offers Gifting Shipping and billing info Loyalty and memberships Loyalty cards Membership cards Discounts Earning loyalty points/miles etc. Loyalty redemption

THE FUTURE OF SMART TOKENIZATION The inherent flexibility of Smart Tokens opens up a vast future of potential use cases— starting within the EMV payment paradigm, followed by the tokenization of account-based payments in a PSD2 setting, and beyond. But Smart Tokenization isn’t limited to traditional transactions. The much-discussed Internet of Value allows us to apply this notion on a much broader scale, and consider the potential of “token of anything.” CONCLUSION The transformational future of payments is not only in sight—it’s finally within reach. To reach the tipping point, payment providers need to deliver relevant services and relatable use cases that actually do something for the user. It’s not sufficient to replicate the functionality of a plastic card in digital form. To see mass uptake, there needs to be clear value in the form of a unique user experiences SMART TOKENS - A Carta Worldwide white paper

Identity services E-identity Authentication/signing Security/restrictions Geoblocking Time restrictions Merchant/service category restrictions Amount restrictions Other Access control Ticketing Charity & Donations

that enhance existing habits. And to make it scalable, the solution needs to work with existing POS infrastructure. The essential components are all in place: the schemes have succeeded in delivering a very low friction mobile payments experience through the introduction of NFC and mobile contactless payments; many merchants already run sophisticated loyalty systems and have the customer insights needed to develop great VAS. Smart Tokenization is the missing link that unites the two and will shape an exciting future of commerce. Smart Tokens are here already, and instead of merely tokenizing a sixteen-digit account number, they can link to anything with a market value and go into a digital payment infrastructure. The opportunity is limitless.>> PAGE 9


<< BACK TO CONTENTS

APPENDIX: THE CARTA VISION OF SMART TOKENIZATION Carta Worldwide is already delivering the first customer implementations of Smart Tokenization for clients in Europe and North America. Carta was founded with the purpose of bridging the technological gap between the existing payments infrastructure and the requirements for the future of payments and commerce. Developing Smart Tokenization was a natural step in that mission. As a technology enabler, Carta’s role is to address and evaluate: What are the core services for clients? What is their role within the ecosystem? And what technology can be used to deliver those core services? Carta’s vision for these technologies is to deliver services that reduce cost, minimize the impact on existing backend systems, and accelerate deployment for flexible consumer-centric payments solutions. It means clients can focus on their core capabilities while the underlying technology components are addressed within a simplified framework. The plan is to bring a smarter and simpler solution to the market—one that can manage the complex requirements for tokenization but can be tailored to clients’ specific needs and packaged in a way that gives real value to consumers. Carta is a digital transaction platform—the engine behind fintech innovation. We empower new industry disruptors and allow established players to push existing technology into the future. Carta is the backbone of leading digital payment products around the globe.

SMART TOKENS - A Carta Worldwide white paper

PAGE 10


<< BACK TO CONTENTS

ABOUT CARTA WORLDWIDE

Carta is a digital transaction platform—the engine behind fintech innovation. We empower new industry disruptors and allow established players to push existing technology into the future. Carta is the backbone of leading digital payment products around the globe. www.CartaWorldwide.com Twitter: @CartaWorldwide Want to talk more about Smart Tokens? – Please contact Giles Sutherland Vice President, Product & Strategic Development M: +1 647 201 6269 O: +1 416 840 5611 x112 E: gsutherland@cartaworldwide.com

SMART TOKENS - A Carta Worldwide white paper

PAGE 11


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.