Visa launches tokenisation service in Australia

John Kavanagh
Payments company Visa has announced it will introduce tokenisation technology into the Australian market this year. The technology, which replaces a consumer's 16-digit card number with a unique series of numbers when making a payment, is being promoted as an additional layer of security for mobile payments.

Visa was coy about the actual timing of the launch and whether it had signed anyone up to use the Visa Token Service. It said it was putting infrastructure in place and was working with bank and merchant partners.

Tokenisation is seen as an important step in facilitating the entry of mobile wallet providers such as Apple into the local market.

Visa Australia, New Zealand and South Pacific group country manager, Stephen Karpin, said: "Tokenisation will be a largely invisible part of the payment process for consumers but it will bring the benefit of added security to their digital payments."

Visa's research shows that the greatest barrier to more people shopping online is payment security. Research by UMR Strategic, commissioned by Visa, found that 46 per cent of people have stopped a purchase when shopping online because they didn't trust the merchant with their card details.

Merchants, financial institutions and smartphone providers can initiate a request for a customer token. The token is a 16-digit number that replaces the customer's account number during a transaction.

For example, when a consumer makes a payment using a smartphone at a contactless payment terminal, instead of the account number going to the merchant's bank, the token is sent instead.

The merchant's bank passes the token to Visa to be validated before it is passed on to the card issuer for authorisation. All of this occurs in the background, allowing the consumer to transact in the normal way.

Tokens can be restricted to a specific "use case", such as a particular mobile phone. In Visa jargon this is a domain and its plan is that domains will eventually include particular e-commerce channels and particular merchants.

This is where the token's value as a security system comes into play. If anyone attempts to use a token in a different domain, the transaction will be flagged as fraudulent and declined.

Karpin: "We can see if the token is being used in the wrong domain. We think tokenisation will reduce the incentive for criminals to try and steal card details."

Tokenisation is standard technology, based on EMV specifications, and is interoperable, which means tokens will work on different payment platforms.

Karpin said the technology would use existing payments infrastructure and would be an attractive proposition for merchants, although it would not be mandatory.

One curious aspect of Visa's move to tokenisation is that it will not be branding the service in a way that would allow merchants and financial institutions to alert customers to the fact that they have installed an additional security layer.