A critical review of the EMV payment tokenisation specification

Abstract

The EMV Payment Tokenisation Specification diverges from existing schemes by giving tokens a uniform and interoperable format that enables them to be used during payments. When a contact chip card is used to pay at the Point Of Sale (POS) it generates a cryptogram or a cryptographic checksum providing evidence that certain keys stored in the chip were used. Many merchants allow card payments over the Internet. In some cases they store the payment information to automatically retrieve it during subsequent purchases. This facilitates the shopping process because payment information needs to be entered only once. Tokenisation consists of replacing sensitive pieces of information with less valuable representations. It has traditionally been used by some merchants to protect stored or transmitted card information.