The days where payment tokenization simply provides a tokenized, domain-controlled version of a payment account number appear to be diminishing fast. With international payment schemes now announcing advanced features such as agentic commerce based on verifiable credential standards, are we now on the brink of a golden age of payment tokenization? What are the implications of these new initiatives for the payment ecosystem?
What has been announced?
The recent announcement by Mastercard in their work with the FIDO Alliance and its Payments Working Group to propose new standards on verifiable credentials linked to tokenized payments is an eye-catching initiative which further extends the capabilities of the core tokenization platforms. Together with initiatives to drive tokenization adoption to 100% for eCommence transactions by 2030, payment tokenization, once the preserve of digital wallets alone, is now reaching scale.
Why is this important?
Payment tokenization programs are complex; layering technology, authentication, scheme rules and commercial frameworks, and importantly, many of the critical new product launches in recent years from the international payment schemes are based on tokenization alone.
As new products are announced at what appears to be an ever-increasing rate, it can be difficult to understand what has happened to previous product announcements. For example, what is the position of Click to Pay (SRC) within a verifiable credential world? Will verifiable credentials supersede payment passkeys, or co-exist in different use-cases? Many lessons can be learned from the successes and near-misses of the past.
Furthermore, as global security challenges arise and as the reliance on ever more complex tokenization programs increases to a material level, data residency and resilience become critical requirements for tokenization programs, particularly in an increasingly cloud-based world. How the seemingly contradictory requirements of a cloud-based scalable architecture and data-localization are met is a key focus of many new token programs.
As payment tokenization matures, new challenges arise; tokenization providers will not only compete on new programs, but also on existing ones, bringing new challenges on existing portfolio migration, particularly for programs supporting a mixture of device-based and card-on-file tokens. Reducing the potentially high risks of migration from one provider to another will be critical to achieving this successfully.
That’s not all..
Payment tokenization has strong crossovers to the emerging work on payments within identity initiatives such as the European Identity Wallet. Whilst initially appearing quite separate, the core topics of authentication, trust and assurance lie deep within both topics.
The EUDI wallet architecture (as described in the Architecture and Reference Framework) is allied to existing device-based payment tokens with the secure device storage of verifiable (payment) credentials. On-device payment credentials commonly facilitate near frictionless payment transactions through the major digital wallets.
Importantly the EUDI wallet trust framework, based on wallet secure cryptographic applications, together with the qualification and certification of wallet solutions, should enhance Issuer trust with payments made using such a wallet.
Lessons can also be learnt and synergies found from existing payment tokenization to the operational side of payments within identity wallets. For example, credential lifecycle management is an often overlooked but crucial element of current tokenization programs. The ability to provide merchants with an up-to-date payment credential linked to a payment account is a core capability and advantage of tokenization programs.
Equally, the ability to operate through payment aggregators (Issuer Token Service Providers or Token Requestor Token Service Providers) has become core to providing scale within payment tokenization; Both credential lifecycle management and aggregator enablement are important topics for Identity wallets seeking to move into payments at scale.
Our perspective.
Payment tokenization has been live for many years but is now moving from single use-cases to an essential component of global payments. At Fime, we’re ready to help you navigate through this complex landscape and support your payment projects, from compliance assessments to strategic planning.environment is changing rapidly at the global level, banks have a growing risk of disintermediation with their customers. To combat this, European cooperation is key. It will help maintain a close relationship between banks, merchants, and their end customers, and reposition European payments with strong foundation of Instant Payments.
Neil Hilton, Principal
Neil Hilton is a Principal Consultant at Consult Hyperion, consulting by Fime, specializing in digital payments, identity, and smart mobility. With extensive experience in the financial services sector, he supports a diverse range of clients, including domestic and international payment schemes, government organizations, payment processors, banks and merchants, helping them design, implement, and optimize secure and innovative payment solutions.
