Acceptance of payments from a mobile device will not impact TransArmor or Data Vault processing; they are complimentary transaction protection methods for handling mobile acceptance.
Most eCommerce developers are familiar with the concept of credit card vaults, which receive the PAN and replace it with a token to use instead. Many of the most popular providers use these vaults in their payment gateways including our TransArmor® and Data Vault solutions. This type lets users put credit cards on file and can be referred to as “gateway-side” tokenization. The defining characteristic of these tokens is that they’re scoped to a single merchant. They’re useful for a developer who wants to keep a credit card on file to enable low-friction transactions. But they don’t have the burden of securing and maintaining a database of PANs and the associated compliance issues.
With the onset of payments with mobile devices, a new form of tokenization emerged; one that is closely associated with EMV, and that payment networks such as Visa®, MasterCard®, Amex®, etc. built. This new form is referred to as “network-level” tokenization.
More on EMVCo specifications can be downloaded here.
Through our engagement with mobile wallet providers, we are intricately involved with network-level tokenization. Payeezy.com and, as a result, any developer coding in-app solutions on the Payeezy.com platform uses network-level tokenization.
Network-level tokens are very different. They are essentially aliases for PANs that are exchanged during an authorization by the network. In the case of the mobile wallet services, these tokens are provisioned (see below) into the device and used in authorization flows (further protected with 3-D Secure —see below).
Here’s the authorization flow when a network-side token is used:
