Overview#Payment Token is a Pseudonymous Bank Card Number values that replace the Primary Account Number in the Payment Network.
During the payment process Payment Token is
- sent from the handset to the POS device
- then to the Card Issuer for transaction authorization
- the Token Service Provider also provides a service to map back the PAN from the Payment Token used in the transaction, which is sent over the Payment Network.
This way, the unsecure token space and secure PAN space are distinct areas.
The Payment Token Framework is published in 2014 by EMVCo Tokenization.
A Payment Token number does not reveal to the Merchant the PAN and possibly other information about the purchaser.
The Payment Tokens must not have the same value as or conflict with a real PAN.
Payment Token MAY be:
- Limited in time-to-live
- Limited by number of uses.
- Capped by maximum amount.
- or other conditions
More Information#There might be more information for this subject on one of the following:
- Alternate PAN
- Apple Pay
- Bank Card Number
- Card Sequence Number
- Dynamic CVV Value
- Google Wallet
- Payment Token
- Payment Token-Key
- Primary Account Number
- Token Service Provider
- [#1] - http://blog.securism.com/2009/01/summarizing-pki-certificate-validation/ - based on 2013-04-10