The Secure Remote Payment Council (SRPc) has just released its third position paper which tackles some of the issues related to tokenization, and challenges conventional thinking about the safety and security of token vaults.
By examining the role of the token service provider as currently defined, the SRPc Authentication Work Group brings to light many of the problems, inconsistencies and underlying biases with the EMVCo tokenization specifications.
In this latest document, the SRPc Authentication Work Group raises the concern that the proprietary standard for tokenization encourages a closed environment. The conclusions made by the SRPc Work Group underscore the importance of all stakeholders having an equal voice in the development of industry standards for tokenization – a theme reiterated from the Work Group’s first white paper on authentication.
The Work Group recommends a federated approach for developing tokenization standards, modeled like the ANSI and ISO standards organizations. They added that stakeholders should be able to implement any tokenization scheme that meets industry best practices, is auditable as compliant and deemed safe.
In the Call to Action, the SRPc Work Group strongly recommends the use of a hardware encryption standards and algorithms, such as AES and Triple DES, coupled with a distributed token vault solution, to ensure a robust, defensible security architecture for tokenization.
The SRPc Authentication Work Group’s mission is to collect, evaluate and comment upon common ideas, statements and positions promulgated in the payments industry related to transaction security. The Authentication Work Group is a team comprised of payment experts representing a broad cross-section of industry stakeholders.
For data, background and forecasts on the SRPc: Search CardWeb.com’s CardFlash® Library of more than 58,000 archived articles; Access CardWeb.com’s CardData® for current and historical Performance, Portfolios, Profiles, etc. Visit RAM Research® (ramresearch.com) for quarterly and annual forecasts covering more than 150 metrics. [complimentary or deeply discounted access to CardWeb.com subscribers].
Additional database resources include CardWeb.com’s CardExecs® – comings & goings of payments movers & shakers; CardWeb.com’s CardWatch® – ears & eyes on marketing globally (57K items); and CardWeb.com’s CardPixes® – form & function of card design (7K items).