1 Introduction

Tokenisation is a security technology which replaces the sensitive 16-digit permanent account number (PANClosed The card’s 16-digit primary account number (PAN) that is typically embossed on a physical card.) that is typically embossed on a physical card with a unique payment token (a digital PAN or DPANClosed Device PAN. The PAN value set up on the cardholder’s device. This is not visible to the cardholder, but is the PAN used for the transactions as far as the merchant is concerned.) that can be used in payments and prevents the need to expose or store actual card details. The DPAN is used to make purchases in the same way as a normal Financial PAN (FPANClosed Funding PAN. The true 16-digit PAN of the card, which Mastercard/Visa converts when authorisations come through to them from Acquirers on the DPAN.).

Figure 1: Tokenisation - converting a PAN to a DPAN

Tokenisation enables cardholders to access mobile wallet functionality — provided by companies such as Apple and Android — which allows payments to be made in store from a smart device such as a smartphone or tokenised device. Tokenisation also helps merchantsClosed The shop or store providing a product or service that the cardholder is purchasing. A merchant must have a merchant account, provided by their acquirer, in order to trade. Physical stores use a terminal or card reader to request authorisation for transactions. Online sites provide an online shopping basket and use a payment service provider to process their payments. to improve the security of online payment transactions by replacing the sensitive PAN card details with a token and storing this instead. The token can then be used for repeat or recurring payments.

Tokenisation is increasing the adoption of mobile wallet and other new payment technology and improving security across the industry. Its use will continue to grow as more merchants and issuers enable the service.

Both Mastercard and Visa offer a tokenisation service to card issuersClosed Financial organisation and scheme member, licensed by the scheme to issue cards and process transactions using the scheme’s network.. Mastercard offer the Digital Enablement Service (MDESClosed The MasterCard Digital Enablement Service (MDES) is a data interchange platform for generating and managing secure digital payment tokens. It enables devices such as smartphones, smart watches, as well as merchants, to create a tokenised version of a Mastercard, which is specific to that device or merchant. Then the device/merchant can use the tokenised version of the card to perform transactions. The tokenised version of the card appears as just a normal Mastercard card number to the merchant and acquirer, and Mastercard will map the transactions onto the original cardholder Mastercard.) and Visa offer the Visa Token Service (VTSClosed Visa Tokenisation Service – is the Visa product name for tokenisation and equivalent of Mastercard’s MDES (see MDES). Thredd refer to this service as the Visa Digital Enablement Program (VDEP).); Thredd refer to the Visa service as the Visa Digital Enablement Program (VDEPClosed Visa Digital Enablement Programme. Also called the Visa Tokenisation Service (VTS).). Thredd supports both of these tokenisation services.

 

Thredd do not share details of the FPAN or DPAN with Program ManagersClosed A Thredd customer who manages a card program. The program manager can create branded cards, load funds and provide other card or banking services to their end customers. (Thredd clients). When a card is created on the Thredd system, we provide a unique public token that is linked to the card, and which can be used for queries and services on that card. The Thredd public token is for internal use only between Thredd and the Program Manager; it should not be confused with the payment token created during the tokenisation process described in this guide.