Earlier this week, American Express (AMEX) launched its American Express Token Service. Despite what its name may suggest, AMEX isn’t making a pass at the less-than lucrative video arcade space, but rather they’re making a significant move to secure your financial transactions online.
American Express Token Service helps make transactions more secure by replacing payment card details with randomized tokens. Called “tokenization,” this practice is quickly becoming the standard method used to secure your mobile and online purchases.
If the concept of tokenization sounds familiar, it’s because the concept recently made headlines with the emergence of Apple Pay, Apple’s mobile payment solution that employs tokenization for purchases made with an iPhone 6 or iPhone 6 Plus.
So why is tokenization so great?
For as hectic as department stores can get, the payment process is usually quite simple. There is a checkout area, a retail employee, a buyer and a payment card. It’s a direct transaction, albeit a physical one. But go online and you have a more complicated process: there’s the retailer and the means to process payments (the Internet), but there are also millions of other buyers, all competing with one another for the retailer’s attention. Add in a third party payment company and delivery service, and you’ve got yourself a crowd. Unfortunately, mixed in with that crowd are some very attentive listeners, whose ears are tuned to pick out the numbers and names associated with your credit card.
Tokenization is a process where sensitive information is substituted with an insensitive doppelgänger called a “token.” This token, in the context of a payment, represents a credit card number while containing none of that card’s sensitive information. It’s like singing a particular tune to the cash register to pay, rather than shouting credit card numbers. And for each digital cash register you use, there’s a different, unique, tune created.
So what happens if a hacker intercepts your token? Nothing. Unlike if the hacker had obtained your credit card number, a token does not contain your banking info, and a hacker cannot use the token’s information outside of the retailer associated with that specific transaction. These restrictions kill the value of a stolen account. No more panicked calls to the bank and credit agencies needed.
But tokenization is still in its infancy. Many banks and retailers still need to get on board. So what can you do to protect your financial information online in the mean time? Well, there are a few options:
Shop with trusted retailers online. Scammers, always looking to make a quick buck, will be heating up their efforts as the holiday season approaches. Don’t let them trick you. Stick to retailers you’re familiar with and use comprehensive security solutions, like McAfee LiveSafe™ service, to block spam and guard against hackers.
Purchase items on a secure network only. If you’re going to shop online, especially with Cyber Monday coming up, do so safely. Only shop on a network you know is secure—which means avoiding public Wi-Fi. That way you can avoid any man-in-the-middle attacks and other maladies associated with unsecured networks.
Monitor your bank statements. Even with a tokenized service, you should check your bank statements for fraudulent or suspicious activity on a regular basis. They’re not always obvious: sometimes fraudsters charge a few dollars (or even a few cents) on your card before making larger purchases.