Time for retailers to beat CNP fraud by moving to network tokenization

Andre Stoorvogel, Director of Product Marketing, Rambus Payments

It’s time for retailers to migrate card-on-file databases to network tokenization, protecting consumers from card-not-present fraud, said a payments expert.
“It is hard not to become desensitized to the almost daily news of data breaches,” commented Andre Stoorvogel, Director of Product Marketing, Rambus Payments. “Back in September, WIRED assessed 16 of the most high-profile hacks of 2018 and payment data was a common theme in many of them. Sure, identity theft is appealing to fraudsters, but the end game is nearly always financial gain so lifting payments data is a far more direct path to a payoff.”
This trend, he said, is borne out in data: “According to PYMNTS’ Global Fraud Report, e-commerce fraud likely cost the industry $58 billion worldwide in 2017, with card-not-present fraud up 106% year-on-year,” he pointed out. “Javelin Strategy also highlighted that CNP fraud is now 81% more likely than point-of-sale fraud.”
It is essential, argued Stoorvogel, to make the potential prize less appealing: “When the payment brands replace a primary account number with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel,” he concluded. “Merchants can strike an effective balance between high security and a frictionless buying experience. While network tokenization is now being used in different ways, it is not a new technology. It has been hugely successful in protecting in-store mobile payments and it is now being touted as another layer of security for e- and m-commerce fraud. What many people don’t realize, though, is that card-on-file network tokenization does not only apply to newly enrolled cards. Existing card-on-file databases can be fully migrated to network tokenization and processed to ensure that the benefits extend to merchants’ full operations.”
Network tokenization, he added, means merchants only store payment tokens in their database rather than actual card numbers: “This delivers various security benefits to the digital commerce ecosystem by reducing the risk and mitigating the impact of malware, phishing attacks and data breaches,” suggested Stoorvogel. “Essentially, merchants can make their entire card-on-file database unappealing to fraudsters overnight. Of course, hackers may still try to get in, but by tokenizing cardholder and card data, the information taken is largely useless. So, hackers will simply need to go elsewhere for their ill-gotten gains.”

Related Posts