Visa has partnered with a number of New Zealand payment service providers to introduce technology that, it says, will make it much more secure for companies to keep customers’ credit card details on file for repeating payments: direct debit, top-up, loyalty, subscription or account-based online shopping.
The technology, credential-on-file (COF) tokenisation replaces the usual stored card details—account number and expiry date—with a unique digital identifier (token) that is used to make a payment without exposing a cardholder’s sensitive information.
Visa says each token is merchant-specific, so can only be used with the merchant where it is stored, removing any incentive for hackers to try to steal the account data and decreasing the risk of data breach attempts.
According to Visa, in addition to enhancing security, COF tokenisation enables businesses to have consumer payment details instantly refreshed when a card is lost, stolen or expires, so there is no need for the consumer to log in and update their details, or the business to lose out on that payment cycle.
A YouGov survey commissioned by Visa found 26 percent of Kiwis taking over two weeks to update their details when they lose a card or have it expire, and 10 percent taking more than a month.
“The automated process could also help prevent online merchants from missing out on subscription renewals, with 19 percent [of those surveyed by YouGov] saying they would use the manual card update to try out an alternative, and 13 percent opting to stop using a service altogether,” Visa said.
Visa said its partnership with New Zealand payments gateways — Adyen, Bambora, Cybersource, Paystation by Trade Me and Windcave — “reinforces the strategy behind Visa’s Future of Security Roadmap, which sets the direction for New Zealand payments security from 2018 to 2020, and beyond.”
The roadmap comprises four initiatives:
Devalue data by removing the sensitive data from the ecosystem and making stolen account details useless.
Protect data by implementing safeguards to protect personal data as well as account details.
Harness data by identifying potential fraud before it occurs and increase confidence in approving good transactions.
Empower everyone, including accountholders, 3rd party providers and merchants, to play an active role in securing payments.
The version cited by CWNZ suggested Visa’s plan for the introduction of COF tokenisation is running behind schedule.
It was published in mid 2018 and had a timeframe to drive early adoption of COF tokenisation in 2017, mass adoption in 2019 and “Tokenisation of 100 percent of all accountholder data held outside of financial institutions,” in 2020 and beyond.