Read the full story here.
According to CCS Insight’s global forecast, by 2018, over 250 million smart wearable devices will be in use — 14 times more than in 2013. The shipments of smart wearable devices are expected to grow rapidly — from 9.7 million in 2013 to 135 million in 2018.
Traditionally, the provisioning of the wearable devices with the underlying payment account credentials has been a challenge. It can either be done by permanent coupling of the payment token to the underlying payment card account credentials during manufacturing, or via complex remote provisioning procedures, using trusted service managers or equivalent entities (yet another party in the value chain asking to be paid for the sophisticated and sensitive service), etc. What if a consumer wants to have another card linked to the same NFC wearable device a couple of hours later or wants to alternate between several underlying payment card accounts at his/her convenience? Can these provisioning flexibilities be achieved and the whole provisioning ecosystem greatly simplified? The good news is that the answer is a resounding YES, with decoupled tokenization.
The Decoupled Tokenization as originally described here is simple to implement payment innovation that enables fully flexible, very cost-effective, mass production of pre-tokenized NFC stickers, NFC wearable gadgets like NFC bracelets, NFC rings, NFC key-chains, etc., which is fully EMV-compliant and very secure.
For those new to the concept, the payment tokens in a “decoupled” payment tokenization framework can exist in two states:
- INACTIVE: When linked to a NULL underlying payment card credential inside the tokenization service provider (TSP) that is in charge of the linking. In this state, a payment token can’t be used for payments, i.e., all transactions initiated with an INACTIVE token will be rejected.
- ACTIVE: While linked to the real and legitimate underlying payment card credentials (PAN, expiry).
Consumers use their smartphone on-demand and securely manage the state of the payment token inside the NFC wearable. They “activate” payment token inside the NFC wearable by securely linking its payment token to the real underlying payment card PAN data of their choice. As part of the activation procedure, the consumer must prove to the underlying TSP, which is in charge of linking, that they are the legitimate owner of the underlying payment card by going through 3D Secure authentication steps (or alternative authentication of equal security level). Consumers are therefore fully in charge and control setting the parameters associated with the current linking:
- Maximum spending allowance for the current linking
- Maximum number of transactions allowed for the current linking
- Maximum duration of the current linking
After the payment token inside the NFC wearable device has been securely linked to the underlying payment card credentials, the device can normally be used for NFC contactless payments, as long as TSP — which is in charge of the de-tokenization step — confirms and guarantees the underlying payment card issuer that the payment token EMV cryptogram validation was successful and that all parameterized restrictions, attached to the current linking (i.e., maximum spending allowance, maximum number of transactions allowed, etc.) are in range and not exceeded.
Consumers can easily “deactivate” payment tokens inside NFC wearable devices using their mobile phone in a similar fashion. Deactivation instantly removes (invalidates) the current linking inside TSP Token Vault and relinks the device’s payment token back to the NULL underlying payment card credentials. TSP also automatically deactivates the payment token when any of the assigned parameter restrictions are exceeded. After the deactivation of the payment token, the device will be incapable of being used for payments until the next successful activation, which can be directed to the same or different underlying payment card.
Continue reading here.