Virtual terminals for credit card processing are the wave of the future, but with technology continually evolving to increase both convenience and security, credit cards themselves may be changing. A group of 22 of the largest banking corporations in the world has come together to push for widespread use of a new technology called tokenization.
Currently, the plan is to move to the Europay Mastercard Visa (EMV) smartcard over the next couple of years, which involves implanting a smart chip into credit cards, which will eventually result in phasing out of magnetic strips for card readers (including those readers used with virtual terminals for credit card processing). This represents one downside of EMV, which was pioneered before the widespread adoption of online commerce, smartphones and tablets. This makes EMV problematic for online payments.
Tokenization, on the other hand, is a means of encoding a card’s primary account number (PAN) through the use of a randomly generated sequence of alphanumeric characters the same length and format as the original account number, each time the card is swiped. This makes it very difficult to clone the original card, as the card’s actual numbers are not in any way transmitted to the retailer’s system, though the token can be “reverted” to the original PAN using the proper encryption keys. Tokens can be one-time only, or multi-use.
This method encrypts data before it is sent to the payment processor, and is then decrypted at the processor, who has the encryption key. What this means is that anyone who uses malware to intercept the transmission receives only the token and not the actual PAN. The retailer, on their end, can use the token to track the transaction and handle issues related to the transaction, without ever storing the actual PAN on their system.
The beauty of this system, says the banking group, is that it would not require changing the method of credit card payment, be it point of sale, mobile, or virtual terminals for credit card processing, in any way, since the new security is entirely software-based. Since the process is so centralized, this means that only a minute portion of the network can generate and decode the keys, which vastly increases security and protection of card information.
EMV is also looking at the possibility of tokenization, not as an alternative to the currently-championed smartcard technology, but as a complement to it, thus further increasing the security attached to the smartcard.