The present disclosure relates to computing systems, and, in particular, to computing system supporting secure payment through tokenization.
As payments technology evolves, new types of payment systems and techniques are being used to provide increased protection against counterfeit, account misuse, and other types of fraud. One technique that has been used is known as payment tokenization, which involves substituting a payment Primary Account Number (PAN) with a payment token in the payments ecosystem. Payment tokens may be used to originate payment transactions, while non-payment tokens may be used for other purposes, such as loyalty program tracking. A payment token service provider may be authorized to provide payment tokens to token requestors, such as card on file merchants, acquirer processors, payment gateways, digital wallet providers, card issuers, and the like. The token service provider may be implemented to run on a server and to receive requests for payment tokens from one or more token requestors. For each payment token request, the token service provider generates a random payment token, which is in some cases a Bank Identification Number (BIN)/Issuer Identification Number (IIN) range that is not currently being used by any active payment card. The token may be given some expiration period and can be used in place of the PAN for a payment card until it expires.
The process of generating a token from a sensitive data element, such as a PAN, is referred to as tokenization. De-tokenization is the reverse process of redeeming a token for its associated sensitive data element. For example, de-tokenization may refer to the process of obtaining a PAN corresponding to a token.