news.cuna.org/articles/106847-the-future-of-securing-payments
Tokenization

The Future of Securing Payments

Embrace tokenization and authentication to combat fraud.

July 21, 2015

Above: CUNA Mutual Group’s Robert Jarosinski addresses the America’s CU/World CU Conference in Denver.

The idea of paying for goods or services has a long history.

As a paying society, we’ve gone from bartering for goods in 9,000 BC to using precious metal coins in 700 BC to the first-ever charge card in the 1920s.

The technology rooted in this history has also evolved, improving security, increasing simplicity, adding convenience, and reducing cost.

The challenge today is that we are inundated with too many choices. However, when you boil down the key functionality of each leading technology, it becomes clear that the future of payments is tokenization and authentication.

Tokenization

While tokenization has been used in various forms since the 1970s, it recently gained popularity in the payments industry with Apple leveraging it through Apple Pay.

So what is tokenization? Think of tokenization as a proxy for actual information.

Rather than having sensitive information out in the open, a unique stand-in alpha-numeric sequence is put in its place. If this information were to fall into a fraudster’s hand, it would be worthless.

Whether it is used for employees to log-in to remote networks, access sensitive software, or as part of your payment solution, tokenization is a powerful tool to help mitigate fraud.

Authentication

Securing sensitive data is only half the battle. In this virtual and remote world, the challenge becomes knowing who is on the other end of a phone call, email, or transaction.

Most credit unions exude a sense of pride in knowing their members. While knowing members certainly is a competitive advantage, membership growth is expanding to the point where continuing to do so in a virtual world is becoming unsustainable.

To make matters worse, as data breaches continue to rise, more information is spilling out into the open, making it easier than ever for our identities to be compromised. As a result, authentication techniques such as asking for date of birth, Social Security number, and so on are out of date.

Soon to follow are out of wallet questions and verification services, which validate information likely found through breached data. For those credit unions with an established remote membership, we are seeing a movement to identifying members by the one thing they are rarely without: their mobile phones.

Mobile phones

By pairing a mobile phone’s features such as entering information (static personal identification numbers [PIN]), using touch capabilities (fingerprinting), and taking photos (facial recognition), our mobile phones make for great authentication devices.

Whether using it at a branch, ATM, point of sale, at home, or for employee log-ins, this type of authentication is a two-step process:

1. Members authenticate their identities on devices by entering a static PIN or using biometrics.

2. Once the member is authenticated on the device, it generates dynamic information and a device profile.

By having both elements, the credit union can feel more confident in moving forward with the transaction.

While the future of payments is yet to be written, there are technologies available today to create a secure, simple, convenient and cost-effective way to perform transactions.

Using a combination of tokenization and authentication allows for sensitive information to be secured and additional certainty in identifying members.

ROBERT T. JAROSINSKI is a senior risk management consultant for CUNA Mutual Group.