How does Payment Tokenization work?

The diagram below shows the tokenization process in Apple Pay.

The PCI Council defines tokenization as "a process by which the primary account number (PAN) is replaced with a surrogate value called a token."

The key is that only trusted parties know the true PAN of the client. Other parties, including the merchants, PSPs, and Apple, don’t know client-sensitive information.

🔹Add a Card to Wallet

Steps 1-3: A user adds a credit card to Apple Wallet. The card details including PAN are sent to the Apple Pay server. Apple Pay identifies the issuing bank from PAN and sends card details to the issuing bank.

Step 4: The issuing bank requests a Payment Token from TSP (Token Service Provider). A TSP is an entity that registers with EMVCo.

Step 5: The TSP validates the PAN and generates a Payment Token and a Payment-Token-Key (public key). It also vaults the PAN for lookups.

Steps 6 - 8: The issuing bank receives the tokens from the TSP and generates a CVV-key. These keys are returned to the Apple Pay server, and then to Apple Wallet.

Step 9: Apple Pay provisions the tokens onto the SE (Secure Element), which is a secure chip on iPhone to store sensitive client information. The Payment Token stored on SE is called DAN (Device Account Number).

🔹Pay with the Card

Step 1: Merchant setup - The merchant that supports Apple Pay gets certificates from payment processors.

Step 2: The user authenticates themselves using biometrics.

Step 3: When the user pays for a product, the information stored in SE is sent to the merchant’s PoS.

Steps 4 - 6: The transaction is sent to the payment processors with an encrypted Payment Token. The payment processors decrypt the information and send it to the acquiring bank, which then sends it to the card network.

Step 7: The card network looks up the PAN in the PAN vault and decrypts the dynamic cryptogram.

Step 8: The card network sends PAN, dynamic CVV, and the transaction to the issuing bank.

Steps 9 - 10: The issuing bank validates and authorizes the transaction, and sends the authorized response to the card network.

🔹Security

  • Apple Pay doesn’t store PAN on iPhone or Apple Pay servers.

  • DAN (Payment Token) only resides on SE.

  • Only the TSPs know about the mapping from Payment Token to PAN.
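
A simplified model of provisioning step 5 (validate the PAN, mint a token, vault the PAN) and payment step 7 (vault lookup gated by a dynamic cryptogram), added here as an illustration and not Apple's, EMVCo's or any TSP's actual code. It assumes a shared HMAC key in place of the Payment-Token-Key and the real cryptogram scheme; `TokenServiceProvider`, `make_cryptogram` and the test PAN are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn checksum, a validity check a TSP can apply to a PAN (step 5)."""
    if not number.isdigit():
        return False
    d = [int(c) for c in reversed(number)]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

def make_cryptogram(key: bytes, token: str, counter: int, amount_cents: int) -> bytes:
    """Device side: one-time value bound to the token, a counter and the amount."""
    msg = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class TokenServiceProvider:
    """Toy TSP: the only component that holds the token -> PAN mapping."""
    def __init__(self):
        self._vault = {}  # token -> {"pan", "key", "counter"}

    def provision(self, pan: str):
        """Validate the PAN, mint a random surrogate of the same length, vault the PAN."""
        if not luhn_ok(pan):
            raise ValueError("PAN fails Luhn check")
        while True:  # random digits, so the token reveals nothing about the PAN
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if luhn_ok(token) and token != pan and token not in self._vault:
                break
        key = secrets.token_bytes(32)  # assumption: symmetric key shared with the device
        self._vault[token] = {"pan": pan, "key": key, "counter": 0}
        return token, key  # only these reach the Secure Element, never the PAN

    def detokenize(self, token: str, counter: int, amount_cents: int, cryptogram: bytes) -> str:
        """Return the PAN only for a known token with a fresh, valid cryptogram."""
        entry = self._vault.get(token)
        if entry is None:
            raise PermissionError("unknown token")
        expected = make_cryptogram(entry["key"], token, counter, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            raise PermissionError("cryptogram mismatch")
        if counter <= entry["counter"]:
            raise PermissionError("replayed cryptogram")
        entry["counter"] = counter
        return entry["pan"]

if __name__ == "__main__":
    tsp = TokenServiceProvider()
    token, key = tsp.provision("4111111111111111")  # constructed test PAN
    cg = make_cryptogram(key, token, 1, 1999)
    print(token, tsp.detokenize(token, 1, 1999, cg) == "4111111111111111")
```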

Author

ABN ASIA was founded by people with deep roots in academia, with work experience in the US, Holland, Hungary, Japan, South Korea, Singapore, and Vietnam. ABN Asia is where academy and technology meet opportunity. With our cutting-edge solutions and competent software development services, we're helping businesses level up and take on the global scene. Our commitment: Faster. Better. More reliable. In most cases: Cheaper as well.
