Payment accounts are in widespread use. At a point of sale, such accounts may be used for purchase transactions, and may be accessed by devices such as magnetic stripe cards, contactless or contact integrated circuit (IC) cards (also sometimes referred to as “smartcards”), or payment-enabled mobile devices, such as payment-enabled smartphones.
Proposals to provide payment-enabled mobile devices, with payment account information stored therein (or retrievable via the device from a remote server), have led to further proposals for “digital wallets”. With a digital wallet, the user of a payment-enabled mobile device may be permitted, perhaps at the point of sale, to select among a number of different payment accounts that have been provisioned to, or made accessible through, the device. The payment account selected from the digital wallet by the user may be used for a current purchase transaction at the point of sale.
Security for payment account numbers (sometimes called PANs—“primary account numbers”) has drawn considerable attention among payment account network operators and issuers of payment accounts. In November 2013, MasterCard International Incorporated (which is the assignee hereof), Visa and American Express jointly published an interoperability standard (hereinafter sometimes referred to as the “Tokenization Standard”) in which it was proposed that alternative numbers, in the format of account numbers, and referred to as “payment tokens”, be substituted for PANs during portions of payment account transactions and in accordance with a number of example use cases. For example, it has been proposed that payment tokens be provisioned to payment-enabled mobile devices in place of their corresponding PANs, and that the payment token be provided from the payment-enabled mobile device to a point of sale (POS) terminal The payment token would then be inserted by the POS terminal in the payment account number data field of the transaction authorization request message, which would then be routed to the merchant's acquirer bank. At a subsequent stage of the transaction flow, perhaps at the network processing stage, the payment token may be used to look up the corresponding PAN. The PAN may then be inserted in the transaction authorization request message in place of the payment token, and the request may thereafter be routed to the account issuer based on the PAN. In the language of the Tokenization Standard, the function of looking up the PAN—and inserting it in the transaction authorization request message in place of the payment token—is referred to as “de-tokenization”.
The present inventors have now recognized that it may prove to be advantageous to implement tokenization in a manner which avoids potential constraints on the number of tokens that can be generated. The present inventors have further recognized opportunities to provide enhanced security in the transmission of payment tokens or PANs in payment account systems. Still further, it has been recognized by the present inventors that opportunities exist to permit enhanced services to account holders in relation to reporting and tracking transactions charged to payment accounts.