Overview#Payment Token are surrogate Bank Card Number values that replace the Primary Account Number in the payments ecosystem.
Payment Tokens are used to reduce the risks inherent to the transfer of sensitive payment data such as the Primary Account Number.
During the payment process Payment Token is
- sent from the handset to the POS device
- then to the Card Issuer for transaction authorization
- the TSP also provides a service to map back the PAN from the Payment Token used in the transaction, which is sent over the Payment Network.
This way, the unsecure token space and secure PAN space are distinct areas.
The Payment Token Framework is published in 2014 by EMVCo Tokenization.
A Payment Token number does not reveal to the Merchant the PAN and possibly other information about the purchaser.
The Payment Tokens must not have the same value as or conflict with a real PAN. Payment Token can be:
- Limited in time-to-live
- Limited by number of uses.
- Capped by maximum amount.
More Information#There might be more information for this subject on one of the following:
- Alternate PAN
- Apple Pay
- Bank Card Number
- Card Sequence Number
- Dynamic CVV Value
- Google Wallet
- Payment Token
- Payment Token-Key
- Primary Account Number
- Token Service Provider
- [#1] - http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/ - based on 2013-04-10