For banks, direct debit (ACH) fraud represents a greater financial risk than card fraud. In particular, the growing dynamics of real-time payment systems across the world create huge opportunities for fraudsters and put increasing pressure on banks and clearing houses, which now only have seconds instead of days to identify fraudulent transactions.
Banks have a variety of security approaches to tackle fraud, but tokenization has already proven effective in protecting card payments in stores and online, all major payment systems, digital wallets, and card equipment manufacturers. ‘origin adopting technology.
By replacing unique sensitive information or data with a context-specific proxy, tokenization can dramatically reduce the risk and impact of account-based fraud and foster safe and secure real-time payment initiatives across the globe. .
Financial institutions are already deploying various techniques to prevent and mitigate ACH fraud. Banks coordinate with agencies such as OFAC (Office of Foreign Assets Control) in the United States and OFSI (Office of Financial Sanctions Implementation) in the United Kingdom to share intelligence and monitor suspicious entities or actions. .
On a more practical level, out-of-schema activity identifies irregular or unusual transactions, transaction limits help prevent high-value fraud, and ACH blocking services aim to weed out unauthorized senders and recipients.
But it is the old-fashioned manual review that continues to be a mainstay of banking processes. According to a study by the Federal Reserve Bank of Minneapolis, 83% of banks in the United States use it as their main line of defense. It’s just not compatible with real-time payments, and banks recognize the inherent limitations, with 43% admitting it was “somewhat effective or ineffective.”
Tokenization is not a quick fix. Rather, it is a process that should be seen as complementary to all existing anti-fraud measures, adding another layer of robust security and providing unique benefits.
It’s a hostile world, and for many organizations, data breaches are more about when, not if. Tokenization of payment accounts mitigates the impact of data breaches when they are attempted because sensitive account information is not stored in its raw form. This reduces the risk of stolen account numbers being used to commit transactional fraud, for example.
Likewise, the control parameters limit the use of tokens. So, if a token can only be used to pay a monthly debit to a specific merchant, then it cannot be used fraudulently to complete multiple person-to-person transactions on the same day.
It’s important to note that because an underlying unique account ID can be associated with multiple tokens supporting specific use cases, banks can tailor any controls and limits they want to put in place. If one is compromised, it can be replaced quickly and easily without affecting the primary account credentials or other associated tokens.
Tokenization as a technology is tailored to support multiple payment use cases through a single system, ensuring that emerging business models and the ability to adapt to new requirements are not constrained by an inflexible security framework. .
In addition, tokens are routed normally through payment systems and networks, so consumers and businesses can send and accept payments normally without changing permissions. Depending on the system and usage of the tokens, tokens can be formatted and validated in the same way as the original credentials, allowing uninterrupted use in an existing ecosystem to enable rapid onboarding of member financial institutions. . And for new services, the token format can be simplified for frictionless use by the consumer.
For payment account tokenization to be effective, however, the infrastructure must be implemented at a systemic level.
This means that central banks and automated clearing houses have a crucial role to play in the tokenization of account numbers and the management of the token vault, the centralized and highly secure server where issued tokens and account numbers are stored. that they represent.
The main goal of tokenization is to protect account credentials to increase security.
However, there is an opportunity for banks to take a broader view of the strategic use and potential of tokenization. Account-to-account payment services, such as mobile payments and P2P, are increasingly popular following the introduction of regulations such as PSD2. Banks can use tokenization as a way to build customer confidence through increasingly simple and transparent account-to-account payments.