How are your mobile payments protected?

26/10/2021

When you make mobile payments, a technology is used that “disguises” your card details to prevent security problems when they are sent. This technology is called tokenisation and it is behind the mobile payment solutions banks provide, either via their own apps or wallets or via those of the mobile device manufacturers (Samsung Pay, Google Pay, Apple Pay, etc.). Tokenising consists of substituting a sensitive data element with a non-sensitive equivalent, i.e. a data element that has no meaning or value. This produces a token, which is like the chip you put into a shopping trolley instead of a real coin.

Applied to payments, it makes it possible to transform your card details (number, expiration date, CVV) into a unique random code so that the actual data are fully protected during the transaction. Thus, should the code be intercepted, it cannot be decrypted and used for illegitimate ends, as it can only be used within the system for which it was generated.

  • How does it really work? Once you’ve entered your actual card details into your bank’s payment app or wallet, all communications between a retailer and the user are conducted using the token. The token is communicated to the payment provider, which, within its secure ecosystem, can identify and associate the customer’s data with this code, a process known as detokenisation. At the same time, as in any other payment transaction, it verifies that the customer has funds and authorises the transaction.
  • What is its main advantage? It stops payment data falling into the wrong hands. Retailers store less confidential customer information and customers benefit from other complementary security measures, such as encoding and encryption. In addition, tokens only work in the payment service for which they were configured, thus preventing third-party use in other digital environments.
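
The flow described in the two points above, as a simplified model added here for illustration (it is not code from the original article or from any payment provider). The `TokenVault` class, the domain names and the card number are all hypothetical, constructed values.

```python
import secrets

class TokenVault:
    """Toy model of a payment provider's token vault (hypothetical)."""

    def __init__(self):
        # token -> (real card details, payment service it was issued for)
        self._by_token = {}

    def tokenise(self, pan, expiry, domain):
        # The token is random, not computed from the card number, so an
        # intercepted token contains nothing that could be decrypted.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = ({"pan": pan, "expiry": expiry}, domain)
        return token

    def detokenise(self, token, domain):
        # Only happens inside the provider's secure ecosystem.
        entry = self._by_token.get(token)
        if entry is None:
            raise KeyError("unknown token")
        card, issued_for = entry
        if domain != issued_for:
            # Tokens only work in the service they were configured for.
            raise PermissionError("token not valid in this payment service")
        return card

    def authorise(self, token, domain, amount, balances):
        # Detokenise, then check funds as in any other card transaction.
        # Nothing here judges whether the purchase itself is a scam.
        card = self.detokenise(token, domain)
        return balances.get(card["pan"], 0) >= amount

if __name__ == "__main__":
    PAN = "4111111111111111"      # constructed test number, not a real card
    balances = {PAN: 100}         # constructed account balance
    vault = TokenVault()
    token = vault.tokenise(PAN, "12/30", "wallet-A")
    print("retailer sees:", token)
    print("authorised in wallet-A:", vault.authorise(token, "wallet-A", 25, balances))
    try:
        vault.detokenise(token, "other-service")
    except PermissionError as err:
        print("rejected elsewhere:", err)
```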

To put it briefly, it’s a case of wrapping purchases in a further layer of security, in addition to the strict strong authentication requirements. However, remember that it doesn’t make it possible to detect whether the underlying transaction is a fraud or scam.

All this happens in under a second without you even realising when you buy online or at a physical store. Knowing what goes on behind the scenes when we use our means of payment affords us greater control and peace of mind.
