About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
Computer Fraud and Security
Paper
A critical review of the EMV payment tokenisation specification
Abstract
The EMV Payment Tokenisation Specification diverges from existing schemes by giving tokens a uniform and interoperable format that enables them to be used during payments. When a contact chip card is used to pay at the Point Of Sale (POS) it generates a cryptogram or a cryptographic checksum providing evidence that certain keys stored in the chip were used. Many merchants allow card payments over the Internet. In some cases they store the payment information to automatically retrieve it during subsequent purchases. This facilitates the shopping process because payment information needs to be entered only once. Tokenisation consists of replacing sensitive pieces of information with less valuable representations. It has traditionally been used by some merchants to protect stored or transmitted card information.