SlideShare a Scribd company logo

Payment Tokenization

H
Hamid Ghorbani

Tokenization is a technology used by banks to protect customer data from fraud. It involves substituting sensitive data with unique, non-sensitive tokens. This makes the data less useful to hackers if accessed without context. Tokenization protects data during transactions more effectively than encryption alone by not requiring decryption of sensitive details that could be exposed. Common payment attacks like relay attacks that steal data during transactions cannot be used with tokenized data since the token cannot be used outside of its intended transaction.

Software
1 of 15
Download to read offline
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Tokenization: Tokenization is one innovative technology that banks use to protect customers from fraud. It is the process of substituting a sensitive data element with a unique non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. Tokenization is one of the simplest ways to begin to protect your customers, your business in the face of a data breach. Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks. Since the token is not a primary account number (PAN), it can't be used outside the context of a specific unique transaction with that particular merchant. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration. ‫توكنايزيشن‬‫كﻼهبرداري‬ ‫برابر‬ ‫در‬ ‫مشتريانشان‬ ‫از‬ ‫مواظبت‬ ‫براي‬ ‫بانكها‬ ‫كه‬ ‫است‬ ‫جديد‬ ‫و‬ ‫خﻼقانه‬ ‫تكنولوژي‬ ‫يك‬ ‫توكنايزيشن‬ .‫كنند‬ ‫مي‬ ‫استفاده‬‫اي‬ ‫پروسه‬‫مي‬ ‫جايگزين‬ ‫يكتا‬ ‫حساس‬ ‫غير‬ ‫ديتاي‬ ‫يك‬ ‫با‬ ‫حساس‬ ‫ديتاي‬ ‫آن‬ ‫در‬ ‫كه‬ ‫است‬ ‫شود‬‫توكنايزيشن‬ ‫بانكي‬ ‫هاي‬ ‫پرداخت‬ ‫زمينه‬ ‫در‬ .‫به‬‫معني‬‫جايگزين‬‫كردن‬‫اطﻼعات‬‫حساس‬‫كارت‬ ‫شماره‬ ‫مانند‬ ‫كارت‬ ‫با‬ ‫غيره‬ ‫و‬ ‫كارت‬ ‫انقضاء‬ ‫تاريخ‬ ،‫يك‬.‫باشد‬ ‫مي‬ ‫توكن‬ ‫مفهوم‬‫توكنايزيشن‬‫براي‬‫اولين‬‫بار‬‫توسﻂ‬‫انجمن‬TCH‫كه‬‫متشكل‬‫از‬22‫بانك‬‫تجاري‬‫بزرگ‬‫آمريكاست‬‫مطرح‬ ‫گرديد‬.‫اين‬‫انجمن‬‫مستندي‬‫را‬‫در‬‫سال‬2013‫بعنوان‬‫مشخصات‬‫فني‬‫توكن‬‫منتشر‬‫كرد‬‫و‬‫سﭙﺲ‬‫در‬‫نيمه‬‫اول‬‫سال‬ 2014‫نيز‬‫يك‬‫نمونه‬‫از‬‫آن‬‫را‬‫پياده‬‫سازي‬‫نمود‬.‫با‬‫توجه‬‫به‬‫محدود‬‫بودن‬‫اين‬‫انجمن‬‫به‬‫بانكهاي‬،‫عضو‬‫اين‬‫مشخصات‬ ‫بعنوان‬‫يك‬‫استاندارد‬‫جهان‬‫ي‬‫درنيامد‬‫تا‬‫آنكه‬‫سال‬2014‫كنسرسيوم‬EMVCo‫شركتهاي‬ ‫از‬ ‫متشكل‬Europay, MasterCard‫و‬Visa‫استاندارد‬‫خود‬‫را‬‫در‬‫اين‬‫زمينه‬‫منتشر‬‫نمود‬.‫اين‬‫كنسرسيوم‬‫با‬‫انتشار‬‫استاندارد‬‫فوق‬،‫الذكر‬ ‫تمام‬‫مشخصات‬‫و‬‫ملزومات‬‫فني‬‫و‬‫همچنين‬‫نقشهاي‬‫جديدي‬‫كه‬‫بايد‬‫براي‬‫ارائه‬‫سرويﺲ‬‫توكنايزيشن‬‫فراهم‬‫گردد‬‫را‬ ‫مشخﺺ‬‫كرده‬‫است‬. Detokenization: ‫دي‬‫توكنايزيشن‬‫كردن‬ ‫نگاشت‬ ‫پرداخت‬ ‫سيستم‬ ‫در‬ ‫)مثﻼ‬ ‫آن‬ ‫اصلي‬ ‫مقدار‬ ‫به‬ ‫توكن‬ ‫يك‬ ‫كردن‬ ‫نگاشت‬ ‫پروسه‬ ‫به‬ ‫توكن‬ ‫دادن‬ ‫با‬ ‫آن‬ ‫در‬ ‫كه‬ ‫است‬ ‫توكنايزيشن‬ ‫معكوس‬ ‫فرياند‬ ‫ساده‬ ‫زبان‬ ‫به‬ .‫شود‬ ‫مي‬ ‫گفته‬ (‫كارت‬ ‫شماره‬ ‫به‬ ‫توكن‬ .‫آوريم‬ ‫بدست‬ ‫را‬ ‫اصلي‬ ‫اطﻼعات‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid :‫پرداخت‬ ‫هاي‬ ‫روش‬ ‫مي‬ ‫كلي‬ ‫دسته‬ ‫سه‬ ‫به‬ ‫را‬ ‫بانكي‬ ‫پرداختهاي‬: ‫كرد‬ ‫تقسيم‬ ‫توان‬ 1) Online 2) Smart Phones 3) Cards :‫پرداخت‬ ‫هنگام‬ ‫در‬ ‫اطﻼعات‬ ‫از‬ ‫محافظت‬ ‫رايج‬ ‫تكنولوژيهاي‬ : ‫ميگيرد‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫اطﻼعات‬ ‫انتقال‬ ‫سازي‬ ‫ايمن‬ ‫براي‬ ‫زير‬ ‫تكنولوژي‬ ‫سه‬ ‫پرداخت‬ ‫سيستمهاي‬ ‫در‬ -tokenizaion -encryption(‫)رمزنگاري‬ -EMVCHIP‫شركت‬ ‫ستهاي‬ ‫چيپ‬ ‫تكنواوژي‬ ‫با‬ ‫بانك‬ ‫عابر‬ ‫)كارتهاي‬EMV( From a security perspective, Tokenization enhances security in an importantly different way than Encryption. While encryption is excellent to ensure confidentiality of the data encrypted, it only protects that data while it is encrypted. To be used for transaction processing, it is usually the case that the encrypted data must be decrypted to be used, and then re-encrypted to once again protect the data. Decrypted data is vulnerable to attack.
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫اول‬ ‫نگاه‬ ‫در‬ ‫اگرچه‬encryption‫و‬tokenizaion‫عمل‬ ‫در‬ ‫اما‬ .‫آيند‬ ‫مي‬ ‫حساب‬ ‫به‬ ‫رمزنگاري‬ ‫از‬ ‫فرمهايي‬ ‫دو‬ ‫هر‬ ‫روش‬ .‫هستند‬ ‫هم‬ ‫از‬ ‫متفاوتي‬ ‫كامﻼ‬ ‫روشهاي‬ ‫دو‬ ‫اين‬encryption‫كليد‬ ‫از‬ ‫استفاده‬ ‫با‬،‫شود‬ ‫مي‬ ‫رمز‬ ‫نظر‬ ‫مورد‬ ‫ديتاي‬ ‫روش‬ ‫در‬ ‫اما‬tokenization.‫شود‬ ‫مي‬ ‫منتقل‬ ‫رمز‬ ‫غير‬ ‫و‬ ‫آشكار‬ ‫متن‬ ‫بصورت‬ ‫ديتا‬ ‫كل‬ : ‫پرداخت‬ ‫قديمي‬ ‫هاي‬ ‫روش‬ ‫در‬ ‫برداري‬ ‫كﻼه‬ ‫امكان‬ Payements, using traditional credit cards or even contactless cards, are often at risk of attack. For example, the reality is that credit cards cannot prevent Point-of-Sale (PoS) terminal attacks. The chip- on-card makes it extremely difficult for criminals to manufacture counterfeit credit cards using stolen data thus reducing counterfeit and lost or stolen card fraud. But that doesn’t protect these cards from other types of attacks, particularly those that look to steal data during a transaction. One common contactless attack is the relay attack. The attack chain consists of:  A relay reader device called a mole, which is placed in close proximity to the card being attacked.  A card emulator device called a proxy, which is used to communicate with the PoS terminal.  A fast communication channel between the relay and the proxy. ‫استف‬‫اده‬‫از‬‫كارتهاي‬‫كه‬ ‫است‬ ‫اين‬ ‫واقعيت‬ .‫است‬ ‫بوده‬ ‫روبرو‬ ‫هكرها‬ ‫حمله‬ ‫ريسك‬ ‫با‬ ‫همواره‬ ‫اعتباري‬ ‫كارتهاي‬ ‫ستني‬ ‫استف‬ ‫البته‬ .‫شوند‬ ‫پوز‬ ‫ترمينالهاي‬ ‫به‬ ‫حمله‬ ‫از‬ ‫جلوگيري‬ ‫باعث‬ ‫توانند‬ ‫نمي‬ ‫كارتهاي‬‫اده‬‫از‬‫كارتهاي‬‫مبتني‬‫بر‬EMV Chip‫ميتواند‬‫ك‬ ‫تر‬ ‫سخت‬ ‫جاعلين‬ ‫براي‬ ‫را‬ ‫شده‬ ‫دزديه‬ ‫يا‬ ‫گمشده‬ ‫كارتهاي‬ ‫جعل‬ ‫كار‬‫ند‬‫و‬‫امكان‬‫جعل‬‫كارت‬‫را‬ ‫كاهش‬،‫دهد‬‫اما‬‫بكارگيري‬‫اين‬،‫فناوري‬‫كاهش‬‫تقلبهاي‬‫غيركارتي‬‫و‬‫امنيت‬‫محيطهاي‬‫نوظهور‬‫كه‬‫از‬‫كانالهاي‬‫پرداخت‬ ‫گوناگون‬‫است‬‫ف‬‫اده‬‫ميكنند‬‫تراكنش‬ ‫انجام‬ ‫هنگام‬ ‫اطﻼعات‬ ‫دزدي‬ ‫بخصوص‬‫را‬‫پوشش‬‫نمي‬.‫دهد‬‫روشهاي‬ ‫از‬ ‫يكي‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫حمله‬ ‫به‬ ،‫پرداخت‬ ‫دستگاههاي‬ ‫با‬ ‫تماس‬ ‫بدون‬ ‫حمله‬ ‫معروف‬relay‫دستگاه‬ ‫يك‬ ‫شامل‬ ‫حمله‬ ‫اين‬ .‫باشد‬ ‫مي‬ ‫معروف‬ ‫بنام‬mole‫به‬ ‫كه‬ ‫كارت‬ ‫ساز‬ ‫شبيه‬ ‫دستگاه‬ ‫يك‬ ‫و‬ (‫شود‬ ‫مي‬ ‫استفاده‬ ‫حمله‬ ‫مورد‬ ‫كارت‬ ‫اطﻼعات‬ ‫خواندن‬ ‫براي‬ ‫)كه‬ proxy‫ارت‬ ‫شبكه‬ ‫يك‬ ‫و‬ ‫رود‬ ‫مي‬ ‫كار‬ ‫به‬ ‫پوز‬ ‫با‬ ‫ارتباط‬ ‫براي‬ ‫و‬ ‫است‬ ‫معروف‬.‫شود‬ ‫مي‬ ‫دو‬ ‫اين‬ ‫بين‬ ‫سريع‬ ‫باطي‬ ‫در‬‫چنين‬‫شرايطي‬‫سي‬‫ستمهاي‬‫ن‬‫شانگذاري‬،‫پرداخت‬‫با‬‫جايگزين‬‫كردن‬‫شماره‬‫كارت‬‫با‬‫توكن‬ ‫يك‬‫قادرند‬‫بدست‬ ‫از‬ ‫مانع‬ ‫شوند‬ ‫كارت‬ ‫حقيقي‬ ‫اطﻼعات‬ ‫اوردن‬. : ‫است‬ ‫شده‬ ‫داده‬ ‫نشان‬ ‫كﻼهبرداري‬ ‫عمده‬ ‫روش‬ ‫سه‬ ‫نيز‬ ‫زير‬ ‫شكل‬ ‫در‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫توكن‬‫دقيقا‬‫چيست‬‫اطﻼعات‬ ‫از‬ ‫محافظت‬ ‫باعث‬ ‫چگونه‬ ‫و‬‫كارت‬‫شود‬ ‫مي‬‫؟‬ ‫كه‬ ‫هنگامي‬ ‫و‬ ‫شود‬ ‫مي‬ ‫استفاده‬ ‫بانكي‬ ‫كارت‬ ‫شماره‬ ‫مثﻼ‬ ‫جاي‬ ‫به‬ ‫كه‬ ‫است‬ ‫يكتا‬ ‫عددي‬ ‫مقدار‬ ‫يك‬ ‫معموﻻ‬ ‫توكن‬ ‫دزديه‬ ‫توكن‬ ‫كه‬ ‫صورتي‬ ‫در‬ .‫ميگيرد‬ ‫قرار‬ ‫كارت‬ ‫شماره‬ ‫جاي‬ ‫به‬ ‫شود‬ ‫مي‬ ‫ارسال‬ ‫اينترنت‬ ‫شبكه‬ ‫در‬ ‫پرداخت‬ ‫اطﻼعات‬ ‫تواند‬ ‫نمي‬ ‫توكن‬ ‫طريق‬ ‫از‬ ‫سارق‬ ‫زيرا‬ ‫بود‬ ‫خواهد‬ ‫ارزش‬ ‫بي‬ ‫مقدار‬ ‫يك‬ ‫شود‬.‫بياورد‬ ‫بدست‬ ‫را‬ ‫كارت‬ ‫شماره‬‫مقادير‬ ‫شده‬ ‫نگاري‬ ‫رمز‬ ‫غير‬ ‫يا‬ ‫شده‬ ‫رمزنگاري‬ ‫بصورت‬ ‫تواند‬ ‫مي‬ ‫و‬ ‫باشد‬ ‫مي‬ ‫متنوع‬ ‫بسيار‬ ‫توكن‬ ‫فرمت‬ ‫نظر‬ ‫از‬ ‫توكن‬ ‫يك‬ .‫باشد‬ :‫توكن‬ ‫هاي‬ ‫قابليت‬ -.‫شود‬ ‫نگاشت‬ ‫مختلف‬ ‫استفاده‬ ‫براي‬ ‫مختلفي‬ ‫هاي‬ ‫توكن‬ ‫به‬ ‫است‬ ‫ممكن‬ ‫كارت‬ ‫شماره‬ ‫يك‬ -‫يك‬ ‫مختﺺ‬ ‫است‬ ‫ممكن‬ ‫ها‬ ‫توكن‬Merchant‫خاص‬ ‫دستگاه‬ ‫يا‬ ‫كانال‬ ، (‫پوز‬ ‫دستگاه‬ ‫صاحب‬ ‫يا‬ ‫)فروشنده‬ ‫شوند‬ ‫توليد‬ ‫خاص‬ ‫دستگاه‬ ‫يا‬ ‫كانال‬ ‫يا‬ ‫فروشنده‬ ‫يك‬ ‫براي‬ ‫خاص‬ ‫بطور‬ ‫يعني‬ ،‫باشند‬. -‫را‬ ‫ها‬ ‫توكن‬‫توان‬ ‫مي‬.‫كرد‬ ‫توليد‬ ‫مصرف‬ ‫بار‬ ‫چند‬ ‫يا‬ ‫مصرف‬ ‫يكبار‬ ‫بصورت‬‫هر‬ ‫به‬ ‫توكن‬ ‫اگر‬ ،‫روش‬ ‫اين‬ ‫در‬ ‫توكن‬ ‫اينكه‬ ‫بدليل‬ ،‫شود‬ ‫دزديده‬ ‫دليلي‬‫تعيين‬ ‫محيﻂ‬ ‫از‬ ‫خارج‬ ‫و‬ ‫اند‬ ‫شده‬ ‫طراحي‬ ‫خاصي‬ ‫محيﻂ‬ ‫اساس‬ ‫بر‬ ‫ها‬ .‫باشد‬ ‫مي‬ ‫كمتر‬ ‫بسيار‬ ‫برداري‬ ‫كﻼه‬ ‫امكان‬ ،‫نيستند‬ ‫استفاده‬ ‫قابل‬‫هاي‬ ‫توكن‬ ‫به‬ ‫كارت‬ ‫شماره‬ ‫يك‬ ‫زير‬ ‫شكل‬ ‫در‬ .‫هستند‬ ‫استفاده‬ ‫قابل‬ ‫خاصي‬ ‫محيﻂ‬ ‫براي‬ ‫كدام‬ ‫هر‬ ‫كه‬ ‫شده‬ ‫نگاست‬ ‫مختلفي‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫توكن‬ ‫مختلف‬ ‫انواع‬: ‫دست‬ ‫سه‬ ‫به‬ ‫را‬ ‫ها‬ ‫توكن‬‫ه‬‫زير‬.‫كرد‬ ‫تقسيم‬ ‫توان‬ ‫مي‬ - Acquirer Token - Issuer Token - Payment Token Acquiring tokens: Acquiring tokens replace card data with a substitute value and are created after a cardholder presents the card. There are many types of acquiring tokens that are effective in both brick and mortar and e- commerce channels. These tokens may be provided by acquirers, processors, gateways, terminal vendors, financial technology (fintech) companies, or may be generated directly by a merchant. An acquiring token is generally not a form of payment but is used for critical business functions where the merchant does not need to know the original PAN. Had the above merchant been using acquiring tokens for its loyalty system, the card data would not have been available to the attackers when they first accessed that database. ‫توكنهاي‬) ‫پذيرندگي‬Acquirer Token() ‫پوز‬ ‫دستگاه‬ ‫صاحب‬ ‫و‬ ‫فروشنده‬ ‫بين‬ ‫بسته‬ ‫محيﻂ‬ ‫در‬ ‫كه‬Merchant‫و‬ ( ) ‫پذيرنده‬acquirer‫فر‬ ‫محيﻂ‬ ‫از‬ ‫حساس‬ ‫ديتاي‬ ‫حذف‬ ‫براي‬ ‫و‬ ‫شود‬ ‫مي‬ ‫استفاده‬ (.‫شود‬ ‫مي‬ ‫استفاده‬ ‫وشنده‬‫توكن‬ ‫اين‬ .‫شوند‬ ‫توليد‬ ‫فروشنده‬ ‫توسﻂ‬ ‫مستقيما‬ ‫يا‬ ‫تك‬ ‫فين‬ ‫شركتهاي‬ ،‫پذيرنده‬ ‫توسﻂ‬ ‫است‬ ‫ممكن‬ ‫ها‬‫استاندارد‬ ‫اساس‬ ‫بر‬(PCI Data Security Standard) PCI DSS‫پذيرندگان‬‫به‬‫جاي‬‫ذخيره‬PAN‫مشتريانشان‬‫در‬‫سيستم‬‫هاي‬‫بازاريابي‬ ‫خود‬ ‫واسﻂ‬ ‫و‬‫مقادير‬‫جايگزين‬‫همان‬ ‫يا‬‫توكن‬‫ذخيره‬ ‫سيستمها‬ ‫آن‬ ‫در‬ ‫را‬‫مي‬‫ك‬.‫نند‬‫روشهاي‬‫متعددي‬‫جهت‬‫ايجاد‬‫اين‬ ‫توكنها‬‫مورد‬‫استفاده‬‫قرار‬‫ميگيرند‬،‫همچون‬‫استفاده‬‫از‬‫اعداد‬‫تصادفي‬‫و‬‫يا‬‫روشهاي‬‫بهم‬.‫ريختگي‬‫اينگونه‬‫توكن‬‫ها‬ ‫نمي‬‫توانند‬‫جهت‬‫ايجاد‬‫يك‬‫تراكنش‬‫مورد‬‫استفاده‬‫قرار‬‫گيرند‬‫و‬‫در‬‫صورت‬،‫ضرورت‬‫بايد‬‫ابتدا‬PAN‫بازيابي‬‫شود‬ (De-Tokenization)‫و‬‫سﭙﺲ‬‫تراكنش‬‫ايجاد‬.‫شود‬‫البته‬‫نكته‬‫بسيار‬‫مهم‬‫اينست‬‫كه‬‫بازيابي‬PAN‫از‬‫روي‬‫توكن‬ ‫بصورت‬‫الگوريتميك‬‫امكانﭙذير‬‫نيست‬‫و‬‫صرفا‬‫از‬‫طريق‬‫يك‬‫جدول‬‫تناظر‬‫بدست‬‫خواهد‬‫آمد‬‫و‬‫اين‬‫جدول‬‫صرفا‬‫در‬ ‫محيطي‬‫ذخيره‬‫ميشود‬‫كه‬‫با‬‫الزامات‬PCI DSS‫سازگار‬‫باشد‬.
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Issuer Token: Issuer tokens are issuer-created account number replacements, often deployed as one-time-account numbers, also called one-time use virtual cards. These are used in unique scenarios where it is desirable to limit an account number to a single use, a set dollar amount, or even a specific merchant. These types of tokens are generated by an issuer or on behalf of an issuer. These tokens are often used in the travel industry and the merchant is not always aware that they are receiving an issuing token as it works like a regular PAN today. Because of this inability to distinguish between PANs and issuer tokens, merchants should always treat these tokens as if they were regular unprotected card data. (Note: As Issuing tokens are a special use case and not in the merchant domain of control, they are not referenced in the illustrations above.) ‫توكن‬‫هاي‬‫صادركنندگي‬‫حسابهايي‬ ‫شماره‬ ‫حقيقت‬ ‫در‬ ،‫هستند‬ ‫معروف‬ ‫مصرف‬ ‫بار‬ ‫يك‬ ‫مجازي‬ ‫كارتهاي‬ ‫شماره‬ ‫به‬ ‫كه‬ ‫عنوان‬ ‫به‬ ‫و‬ ‫شوند‬ ‫مي‬ ‫توليد‬ ‫پذيرنده‬ ‫طرف‬ ‫از‬ ‫كه‬ ‫هستند‬.‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫مصرف‬ ‫بار‬ ‫يك‬ ‫حسابهاي‬ ‫شماره‬ ‫يك‬ ‫شبيه‬ ‫و‬ ‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫گردشگري‬ ‫صنعت‬ ‫در‬ ‫اغلب‬ ‫ها‬ ‫توكن‬ ‫اين‬PAN‫دليل‬ ‫به‬ ‫هستندو‬ ‫معمولي‬ ‫يك‬ ‫از‬ ‫ها‬ ‫توكن‬ ‫اين‬ ‫تشخيﺺ‬ ‫در‬ ‫توانايي‬ ‫عدم‬ ‫همين‬PAN‫كارتهايي‬ ‫عنوان‬ ‫به‬ ‫آنها‬ ‫با‬ ‫بايد‬ ‫هميشه‬ ‫ها‬ ‫فروشنده‬ ،‫حقيقي‬ ‫با‬.‫كنند‬ ‫برخورد‬ ‫نشده‬ ‫محافظت‬ ‫ديتاي‬ Payment Token Payment tokens are used to make a payment. Unlike acquiring tokens, the payment token, is used in place of the regular PAN. Payment token presentment usually occurs through a digital wallet contained on a smartphone or smart device. Payment tokens are also used for card-on-file transactions where a merchant may replace a database of recurring payment data with payment tokens. Inherently, payment tokens have a higher degree of security than acquiring tokens since the original cardholder data is not exposed inside of the merchant’s environment. Payment tokens are designed to be of such a low value to criminals, that the tokens do not require PCI DSS protection when used with dynamic cryptograms and/or domain controls. If the merchant had an acceptance channel that utilized payment tokens, the attacker would likely prefer to focus his efforts on another channel or another target altogether. ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫پرداخت‬ ‫يك‬ ‫ايجاد‬ ‫براي‬ ‫پرداخت‬ ‫هاي‬ ‫توكن‬.‫گيرند‬‫برخﻼف‬‫توكن‬ ، ‫پذيرندگي‬ ‫هاي‬ ‫توكن‬ ‫كارت‬ ‫شماره‬ ‫جايگزين‬ ‫عنوان‬ ‫به‬ ‫پرداخت‬ ‫هاي‬(PAN).‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬‫برنامه‬ ‫در‬ ‫معموﻻ‬ ‫ها‬ ‫توكن‬ ‫اين‬ ‫گردند‬ ‫مي‬ ‫ذخيره‬ ‫شده‬ ‫نصب‬ ‫امروزي‬ ‫هوشمند‬ ‫گوشي‬ ‫در‬ ‫كه‬ ‫پولي‬ ‫كيف‬ ‫هاي‬.‫تراكنهساي‬ ‫براي‬ ‫همچنين‬ ‫ها‬ ‫توكن‬ ‫اين‬ card on file.‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫نيز‬‫هاي‬ ‫توكن‬ ‫به‬ ‫نسبت‬ ‫باﻻتري‬ ‫امنيت‬ ‫از‬ ‫ذاتي‬ ‫بصورت‬ ‫ها‬ ‫توكن‬ ‫اين‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid .‫شود‬ ‫نمي‬ ‫ارسال‬ ‫ها‬ ‫فروشنده‬ ‫محيﻂ‬ ‫به‬ ‫كارت‬ ‫اصلي‬ ‫ديتاي‬ ‫اينكه‬ ‫دليل‬ ‫به‬ .‫هستند‬ ‫برخوردار‬ ‫پذيرندگي‬‫سه‬ ‫زير‬ ‫جدول‬ :‫كند‬ ‫مي‬ ‫مقايسه‬ ‫هم‬ ‫با‬ ‫را‬ ‫شده‬ ‫ذكر‬ ‫روش‬ ‫ك‬ ‫هر‬ ‫كه‬ ‫دهد‬ ‫مي‬ ‫نشان‬ ‫زير‬ ‫شكل‬:‫گيرند‬ ‫مي‬ ‫بر‬ ‫در‬ ‫را‬ ‫پرداخت‬ ‫سيستم‬ ‫از‬ ‫بخش‬ ‫كدام‬ ‫اطﻼعات‬ ‫محافظت‬ ‫روشهاي‬ ‫از‬ ‫دام‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫استاندارد‬EMV‫براي‬payment Token: EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV® Specifications based on contact chip, contactless chip, EMV® 2nd Generation, Common Payment Application (CPA), card personalisation, Payment Tokenisation, and 3-D Secure. EMV cards are smart cards (also called chip cards or IC cards) that store their data on integrated circuits in addition to magnetic stripes (for backward compatibility). EMV stands for Europay, MasterCard, and Visa, the three companies that originally created the standard. The standard is now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover. In March 2014, EMVCo LLC released its first payment tokenization specification for EMV. ‫شركت‬ ‫تاسيﺲ‬ ‫از‬ ‫هدف‬EMV‫امن‬ ‫تراكنشهاي‬ ‫انجام‬ ‫در‬ ‫شركتها‬ ‫و‬ ‫بانكها‬ ‫بين‬ ‫همكاري‬ ‫تسهيل‬ ‫براي‬ ‫بستري‬ ‫ايجاد‬ ، .‫است‬ ‫آورده‬ ‫بوجود‬ ‫را‬ ‫استانداردهايي‬ ،‫پرداخت‬ ‫سيستم‬ ‫مختلف‬ ‫بخشهاي‬ ‫در‬ ‫شركت‬ ‫اين‬ ‫منظور‬ ‫اين‬ ‫براي‬ .‫باشد‬ ‫مي‬ ‫استانداردهاي‬EMV‫شامل‬:‫باشد‬ ‫مي‬ ‫زير‬ ‫موارد‬ contact chip, contactless chip, EMV 2nd Generation, Common Payment Application (CPA), card personalisation, Payment Tokenisa on, and 3-D Secure ‫شركت‬EMV‫شركتهاي‬ ‫از‬ ‫كنسرسيومي‬ ‫از‬ ‫متشكل‬ ‫كه‬Visa, Master‫و‬Europay‫ديگر‬ ‫شركت‬ ‫چند‬ ‫و‬‫در‬ ،‫باشد‬ ‫مي‬ ‫سال‬2014‫خود‬ ‫استاندارد‬ ‫از‬ ‫نسخه‬ ‫اولين‬‫توكنايزيشن‬ ‫مورد‬ ‫در‬‫را‬.‫كرد‬ ‫ارائه‬
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Payment Token Issuance & Provisioning: Payment Tokens SHALL be issued through the response to the Token Request from only a registered Token Requestor recognised by the Token Service Provider with a valid Token Requestor ID. Payment Token Requests SHALL be subject to a designated ID&V assurance method based on the Requested Assurance Level agreed to by the Token Requestor and the Token Service Provider. Payment Token issuance may also involve provisioning of the Payment Token to the Token Requestor. Payment Token provisioning occurs after the Payment Token has been generated and the assurance steps are completed. The methodologies associated with the provisioning may be proprietary to each Token Service Provider and are outside the scope of this specification. Payment Token provisioning is performed through an interface between the Token Requestor and the Token Service Provider. Token Service Providers may also opt to implement Payment Token issuance and provisioning through the use of specially designated and flagged ISO 8583-based authorisation request messages to perform the Payment Token Request and transport ID&V information to the Token Service Provider for subsequent processing. In such a case, ISO 8583-based authorisation response messages can be used to return the Payment Token and associated Token Expiry Date back to the Token Requestor. :‫پرداخت‬ ‫توكن‬ ‫اعطاي‬ ‫و‬ ‫صدور‬ ‫با‬ ‫مطابق‬ ‫كه‬ ‫تراكنشي‬ ‫انجام‬ ‫براي‬‫استاندار‬‫د‬‫توكنايزيشن‬EMVCo‫شماره‬ ‫جاي‬ ‫به‬ ‫يعني‬ ،‫باشد‬PAN‫توكن‬ ‫يك‬ ‫از‬ ، .‫نماييم‬ ‫تهيه‬ ‫پرداخت‬ ‫توكن‬ ‫يك‬ ‫بايد‬ ‫ابتدا‬ ‫شود‬ ‫استفاده‬ ‫تراكنش‬ ‫انجام‬ ‫براي‬ ‫پرداخت‬‫فر‬‫ا‬‫يند‬‫صدور‬‫توكن‬‫د‬‫ر‬‫ابتداي‬ ‫استفاده‬‫از‬‫سيستم‬‫پرداخت‬‫ا‬‫انقضا‬ ‫از‬ ‫پﺲ‬ ،‫بايد‬ ‫شده‬ ‫تعريف‬ ‫انقضا‬ ‫تاريخ‬ ‫توكن‬ ‫براي‬ ‫اگر‬ .‫شود‬ ‫مي‬ ‫نجام‬، ‫ء‬‫سيستم‬ ‫تق‬ ‫مجددا‬‫ا‬:‫است‬ ‫شده‬ ‫داده‬ ‫نشان‬ ‫زير‬ ‫شكل‬ ‫در‬ ‫توكن‬ ‫درخواست‬ ‫فرايند‬ .‫كرد‬ ‫خواهد‬ ‫جديد‬ ‫توكن‬ ‫ضاي‬ ‫با‬ ‫ابتدا‬ .‫داريم‬ ‫پرداخت‬ ‫انجام‬ ‫قصد‬ ‫موبالمان‬ ‫روي‬ ‫بر‬ ‫شده‬ ‫نصب‬ ‫پول‬ ‫كيف‬ ‫اپ‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ميخواهيم‬ ‫كنيد‬ ‫فرض‬ ‫شماره‬ ‫كردن‬ ‫وارد‬PAN‫سامانه‬ ‫به‬ ‫درخواست‬ ‫يك‬ ‫پول‬ ‫كيف‬ ‫اپ‬ .‫كنيم‬ ‫مي‬ ‫توكن‬ ‫دريافت‬ ‫تقاضاي‬ ‫برنامه‬ ‫در‬Token
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Requestor‫سامانه‬ .‫است‬ ‫شده‬ ‫ناميده‬ ‫دنا‬ ‫سامانه‬ ،‫مركزي‬ ‫بانك‬ ‫توسﻂ‬ ‫سامانه‬ ‫اين‬ .‫كند‬ ‫مي‬ ‫ارسال‬Token Requestor ‫به‬ ‫درخواست‬ ‫يك‬ ‫گرفته‬ ‫ما‬ ‫از‬ ‫را‬ (‫ديگر‬ ‫هويت‬ ‫احراز‬ ‫اطﻼعات‬ ‫و‬ ‫كارت‬ ‫رمز‬ ‫و‬ ‫كارت‬ ‫كارت)شماره‬ ‫اطﻼعات‬ ‫كه‬ ‫توكن‬ ‫سرويﺲ‬ ‫دهنده‬ ‫ارائه‬ ‫سامانه‬Token Service Provider (TSP)‫مركزي‬ ‫بانك‬ ‫توسﻂ‬ ‫سمانه‬ ‫اين‬ .‫كند‬ ‫مي‬ ‫ارسال‬ .‫است‬ ‫شده‬ ‫ناميده‬ ‫سهند‬‫سامانه‬TSP‫كنن‬ ‫صادر‬ ‫بانك‬ ‫با‬ ‫ارتباط‬ ‫از‬ ‫بعد‬‫وارد‬ ‫اطﻼعات‬ ‫صحت‬ ‫از‬ ‫اطمينان‬ ‫و‬ ‫كارت‬ ‫ده‬ ‫يا‬ ‫شده‬)ID&V(Identfication & Verification‫شماره‬ ‫همراه‬ ‫به‬ ‫و‬ ‫توليد‬ ‫را‬ ‫توكن‬ ،PAN‫در‬‫با‬ ‫متمركز‬ ‫سيستم‬ ‫يك‬ ‫آن‬ ‫به‬ ‫كه‬ ‫شوند‬ ‫مي‬ ‫نگاشته‬ ‫و‬ ‫ذخيره‬ ،‫توليد‬ ،‫باﻻ‬ ‫امنيت‬Token vault.‫شود‬ ‫مي‬ ‫گفته‬‫سامانه‬Token Vault‫توسﻂ‬ ‫مركزي‬ ‫بانك‬‫مانا‬‫است‬ ‫شده‬ ‫ناميده‬.‫ذخيره‬ ‫اپ‬ ‫در‬ ‫و‬ ‫شده‬ ‫برگردانده‬ ‫پول‬ ‫كيف‬ ‫اپ‬ ‫سمت‬ ‫به‬ ‫شده‬ ‫توليد‬ ‫توكن‬ ‫سﭙﺲ‬ .‫شود‬ ‫مي‬‫توكن‬‫صادر‬‫شده‬‫همانند‬‫داراي‬ ،‫كارت‬‫تاريخ‬‫انقضا‬‫ء‬‫باشد‬ ‫مي‬.‫تاريخ‬‫انقضاي‬‫توكن‬‫نمي‬‫تواند‬‫بيشتر‬‫از‬ ‫تاريخ‬‫انقضاي‬PAN‫متناظر‬‫باشد‬.‫براي‬ ‫نيز‬ ‫مختلفي‬ ‫هاي‬ ‫توكن‬ ،‫مختلف‬ ‫هاي‬ ‫محيﻂ‬ ‫به‬ ‫توجه‬ ‫با‬ ‫توان‬ ‫مي‬ ‫همچنين‬ ‫يك‬PAN‫كار‬ ‫اين‬ ‫با‬ ،‫كرد‬ ‫صادر‬‫باﻻ‬ ‫نيز‬ ‫توكن‬ ‫از‬ ‫استفاده‬ ‫امنيت‬.‫رود‬ ‫مي‬ ‫تر‬‫صد‬ ‫از‬ ‫بعد‬‫توكن‬ ‫ور‬،‫هر‬‫جا‬‫كه‬‫نيازي‬‫به‬ PAN،‫باشد‬‫توكني‬‫كه‬‫در‬‫اين‬‫مرحله‬‫صادر‬‫شده‬‫است‬‫جايگزين‬‫آن‬‫ميگردد‬. How does a transaction work: A scenario: STEP1: A consumer purchases goods or services from the merchant. In order to make the purchase, they would have to swipe, insert (for chip cards), or tap (for eWallets like Apple Pay) a valid credit cards to complete their payment. STEP 2: There are a variety of ways to transmit the information to the acquiring bank: - Standard terminal. The sales authorization request is submitted through a standard phone line connection to the acquiring bank. - IP terminal. The sales authorization request is submitted through an internet connection to the acquiring bank with a specially designed terminal. - Processing software. The sales authorization request is submitted through an internet connection to the acquiring bank using computer software (such as PC Charge) and a small magnetic stripe reader. No traditional terminal is needed. - Payment Processing Gateway. The sales authorization request is submitted through an automated internet website, which communicates with the acquiring bank. STEP 3: The acquiring bank routes the transaction to a processor and then to the associations – either Visa, MasterCard or Discover.
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid STEP 4: The association system then routes the transaction to the issuing bank and requests an approval. STEP 5: The issuing bank sends back the response. If the cardholder is approved the issuing bank assigns and transmits the authorization code back to the association. STEP 6: The authorization code is sent from the card association to the acquiring bank. STEP 7: The acquiring bank routes the approval code or response to the merchant terminal. Depending on the merchant or transaction type, the merchant terminal may print a receipt for the cardholder to sign, which obligates the cardholder to pay the amount approved. STEP 8: The issuing bank bills the consumer . STEP 9: The consumer pays the bill to Issuing bank. ‫شكل‬ ‫در‬ ‫كه‬ ‫همانطور‬‫باﻻ‬‫موجود‬ ‫روشهاي‬ ‫از‬ ‫يكي‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ابتدا‬ ،‫پرداخت‬ ‫تراكنش‬ ‫يك‬ ‫انجام‬ ‫براي‬ ،‫پيداست‬ ‫پذيرنده‬ ‫سمت‬ ‫به‬ ‫تراكنش‬ ‫اطﻼعات‬ .‫كنيم‬ ‫مي‬ ‫آغاز‬ ‫را‬ ‫خود‬ ‫تراكنش‬ (‫فروشنده‬ ‫اپ‬ ‫يا‬ ‫سايت‬ ‫وب‬ ، ‫پوز‬ ‫از‬ ‫)استفاده‬ )acquirer‫توجه‬ ‫با‬ ‫پرداخت‬ ‫شبكه‬ ‫در‬ .‫شود‬ ‫مي‬ ‫ارسال‬ ‫پرداخت‬ ‫شبكه‬ ‫به‬ ‫آنجا‬ ‫از‬ ‫و‬ ‫ارسال‬ (‫درخواست‬ ،‫كارت‬ ‫شماره‬ ‫به‬ ‫صورت‬ ‫در‬ ‫سﭙﺲ‬ ‫و‬ ‫شود‬ ‫مي‬ ‫انجام‬ ‫كارت‬ ‫كننده‬ ‫صادر‬ ‫بانك‬ ‫از‬ ‫اطﻼعات‬ ‫صحت‬ ‫بررسي‬‫ص‬‫شبكه‬ ‫اطﻼعات‬ ‫بودن‬ ‫حيح‬ ) ‫فروشنده‬ ‫سمت‬ ‫به‬ ‫را‬ ‫نتيجه‬ ‫و‬ ‫تكميل‬ ‫را‬ ‫تراكنش‬ ‫پرداخت‬merchant.‫كند‬ ‫مي‬ ‫ارسال‬ (
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid How does a tokenized transaction work: The following steps explain the flow of the standard Payment Token data fields in the authorisation message when a mobile device is used to present the Payment Token at the point of sale: 1. The mobile device will interact with the Merchant terminal, and pass the following key Payment Token data elements to the Merchant terminal. Payment Token will be passed in the existing PAN field and Token Expiry Date will be passed in the PAN Expiry Date field. 2. The Merchant terminal will pass the authorisation request to the Acquirer, carrying all the standard Payment Token fields as shown in the previous figure. 3. The Acquirer will perform standard processing checks, and pass the Payment Token data fields to the Payment Network. 4. The Payment Network will interface with the Token Service Provider to validate the Token, validate the Token Domain Restriction Controls, retrieve the PAN and verify the state of the Payment Token to PAN mapping in the Token Vault for the active Payment Token, and other controls that may be defined for that Payment Token. 5. The Payment Network will replace Payment Token and Token Expiry Date with PAN and PAN Expiry Date and will send the authorisation request to the Card Issuer,for authorization. 6. The Card Issuer completes the account-level validation and the authorisation checks, and sends an authorisation response to the Payment Network. 7. The Payment Network will replace the PAN with the Payment Token based on the mapping, and will pass it to the Acquirer as part of the authorisation response, in addition to other standard data elements. 8. The Acquirer will pass the authorisation response to the Merchant. 9. The consumer will be notified of the success or failure of the transaction.
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ،‫باﻻ‬ ‫شكل‬ ‫به‬ ‫توجه‬ ‫با‬‫پرداخت‬ ‫تراكنش‬ ‫يك‬ ‫انجام‬ ‫براي‬‫توكن‬‫ا‬‫شده‬ ‫يز‬‫موجود‬ ‫روشهاي‬ ‫از‬ ‫يكي‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ابتدا‬ ، ‫از‬ ‫)استفاده‬‫اپ‬‫يا‬ ‫پول‬ ‫كيف‬‫گوش‬ ‫كردن‬ ‫نزديك‬‫ي‬‫دستگاه‬ ‫به‬NFC‫تراكنش‬ ‫اطﻼعات‬ .‫كنيم‬ ‫مي‬ ‫آغاز‬ ‫را‬ ‫خود‬ ‫تراكنش‬ ( ،‫نيست‬ ‫موجود‬ ‫آن‬ ‫در‬ ‫مشتري‬ ‫كارت‬ ‫اطﻼعات‬ ‫و‬ ‫شده‬ ‫ساخته‬ ‫توكن‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫اينبار‬ ‫كه‬‫از‬‫سمت‬‫فروشنده‬ )Mrechant() ‫پذيرنده‬ ‫سمت‬ ‫به‬acquirer‫شود‬ ‫مي‬ ‫ارسال‬ ‫پرداخت‬ ‫شبكه‬ ‫به‬ ‫آنجا‬ ‫از‬ ‫و‬ ‫ارسال‬ (‫سﭙﺲ‬ ،‫اطﻼعات‬ ‫سمت‬ ‫به‬ ‫توكن‬) ‫توكن‬ ‫سرويﺲ‬ ‫دهنده‬ ‫ارائه‬ ‫سيستم‬TSP(‫سيستم‬ ،‫شود‬ ‫مي‬ ‫ارسال‬TSP‫بودن‬ ‫معتبر‬ ‫بررسي‬ ‫از‬ ‫بعد‬ ‫شده‬ ‫گرفته‬ ‫نظر‬ ‫در‬ ‫امنيتي‬ ‫تمهيدات‬ ‫ساير‬ ‫و‬ ‫آن‬ ‫انتقضاي‬ ‫تاريخ‬ ‫و‬ ‫توكن‬)‫شده‬ ‫استفاده‬ ‫محيﻂ‬ ‫به‬ ‫توكن‬ ‫تعلق‬ ‫مانند‬( ‫شبكه‬ ‫اختيار‬ ‫در‬ ‫و‬ ‫استخراج‬ ‫را‬ ‫توكن‬ ‫با‬ ‫متناظر‬ ‫كارت‬ ‫شماره‬‫پرداخت‬‫قرار‬‫دهد‬ ‫مي‬‫شب‬ ،‫شماره‬ ‫اطﻼعات‬ ‫پرداخت‬ ‫كه‬ ‫كارت‬‫را‬ ‫تراكنش‬ ‫و‬‫مع‬ ‫از‬ ‫تا‬ ‫كند‬ ‫مي‬ ‫ارسال‬ ‫كارت‬ ‫كننده‬ ‫صادر‬ ‫بانك‬ ‫سمت‬ ‫به‬‫كارت‬ ‫شماره‬ ‫بودن‬ ‫تبر‬‫تراكنش‬ ‫مبلغ‬ ‫و‬ ،‫كند‬ ‫حاصل‬ ‫اطمينان‬‫فروشنده‬ ‫سمت‬ ‫به‬ ‫آن‬ ‫نتيجه‬ ‫و‬ ‫ثبت‬ ‫موفقيت‬ ‫با‬ ‫شده‬ ‫ذكر‬ ‫تراكنش‬ ‫سنجي‬ ‫اعتبار‬ ‫اتمام‬ ‫از‬ ‫بعد‬ ‫قرار‬ ‫مشتري‬ ‫اختيار‬ ‫در‬ ‫تراكنش‬ ‫رسيد‬ ‫و‬ ‫ارسال‬‫مي‬‫گيرد‬.
Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Resouces: http://www.fidelitypayment.com/resources/what_are_merchant_services http://www.contactlesspaymentcards.com/whatistokenizationpayments.php http://www.protegrity.com/difference-tokenization-encryption/ EMV® Payment Tokenisation Specification ebook

Recommended

E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTP
ijtsrd
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using Biometrics
IOSR Journals
 
H029044050
H029044050H029044050
H029044050researchinventy
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
Diane M. Metcalf
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card System
Warren Smith
 
Experiment
ExperimentExperiment
Experimentjbashask
 
Man in-the-middle-defence
Man in-the-middle-defenceMan in-the-middle-defence
Man in-the-middle-defenceHai Nguyen
 
Tellerpass -
Tellerpass - Tellerpass -
Tellerpass - Yiannis Hatzopoulos
 

Recommended

E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTP
ijtsrd
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using Biometrics
IOSR Journals
 
H029044050
H029044050H029044050
H029044050researchinventy
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
Diane M. Metcalf
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card System
Warren Smith
 
Experiment
ExperimentExperiment
Experimentjbashask
 
Man in-the-middle-defence
Man in-the-middle-defenceMan in-the-middle-defence
Man in-the-middle-defenceHai Nguyen
 
Tellerpass -
Tellerpass - Tellerpass -
Tellerpass - Yiannis Hatzopoulos
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
SafeNet
 
21 ijcse-01230
21 ijcse-0123021 ijcse-01230
21 ijcse-01230
Shivlal Mewada
 
Project Part A & B 10.15.14
Project Part A & B 10.15.14Project Part A & B 10.15.14
Project Part A & B 10.15.14haney888
 
Atm theft
Atm theftAtm theft
Atm theftApurva Sharma
 
INTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSISINTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSIS
RAHUL KUMAR
 
Protection on cyber fraud
Protection on cyber fraudProtection on cyber fraud
Protection on cyber fraudBUSINESS SOFTWARES & SOLUTIONS
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)DCIT, a.s.
 
Fraud in bank
Fraud in bankFraud in bank
Fraud in bank
PawanKumarJha7
 
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET Journal
 
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
IJRTEMJOURNAL
 
Online Secure payment System using shared Images
Online Secure payment System using shared ImagesOnline Secure payment System using shared Images
Online Secure payment System using shared Images
IRJET Journal
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emv
Anil Chaurasiya
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack
- Mark - Fullbright
 
Attacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonlineAttacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonline
RapidSSLOnline.com
 
The Path to Payment Security
The Path to Payment SecurityThe Path to Payment Security
The Path to Payment SecurityTom Cooley
 
CREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card SecurityCREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card Security
Rahul Tyagi
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
IJERA Editor
 
Iposterminals
IposterminalsIposterminals
Iposterminals
bizsolution
 
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
IJSRED
 
Ict project (1)
Ict project (1)Ict project (1)
Ict project (1)
spy007s
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
Introduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber SecurityIntroduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber Security
pivisoc989
 

More Related Content

What's hot

Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
SafeNet
 
21 ijcse-01230
21 ijcse-0123021 ijcse-01230
21 ijcse-01230
Shivlal Mewada
 
Project Part A & B 10.15.14
Project Part A & B 10.15.14Project Part A & B 10.15.14
Project Part A & B 10.15.14haney888
 
INTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSISINTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSIS
RAHUL KUMAR
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)DCIT, a.s.
 
Fraud in bank
Fraud in bankFraud in bank
Fraud in bank
PawanKumarJha7
 
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET Journal
 
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
IJRTEMJOURNAL
 
Online Secure payment System using shared Images
Online Secure payment System using shared ImagesOnline Secure payment System using shared Images
Online Secure payment System using shared Images
IRJET Journal
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emv
Anil Chaurasiya
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack
- Mark - Fullbright
 
Attacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonlineAttacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonline
RapidSSLOnline.com
 
The Path to Payment Security
The Path to Payment SecurityThe Path to Payment Security
The Path to Payment SecurityTom Cooley
 
CREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card SecurityCREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card Security
Rahul Tyagi
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
IJERA Editor
 
Iposterminals
IposterminalsIposterminals
Iposterminals
bizsolution
 
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
IJSRED
 
Ict project (1)
Ict project (1)Ict project (1)
Ict project (1)
spy007s
 

What's hot (20)

Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
 
21 ijcse-01230
21 ijcse-0123021 ijcse-01230
21 ijcse-01230
 
Project Part A & B 10.15.14
Project Part A & B 10.15.14Project Part A & B 10.15.14
Project Part A & B 10.15.14
 
Atm theft
Atm theftAtm theft
Atm theft
 
INTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSISINTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSIS
 
Protection on cyber fraud
Protection on cyber fraudProtection on cyber fraud
Protection on cyber fraud
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)
 
Fraud in bank
Fraud in bankFraud in bank
Fraud in bank
 
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...
 
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
 
Online Secure payment System using shared Images
Online Secure payment System using shared ImagesOnline Secure payment System using shared Images
Online Secure payment System using shared Images
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emv
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack
 
Attacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonlineAttacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonline
 
The Path to Payment Security
The Path to Payment SecurityThe Path to Payment Security
The Path to Payment Security
 
CREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card SecurityCREDITSEC - Next Generation Credit Card Security
CREDITSEC - Next Generation Credit Card Security
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
Iposterminals
IposterminalsIposterminals
Iposterminals
 
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...
 
Ict project (1)
Ict project (1)Ict project (1)
Ict project (1)
 

Similar to Payment Tokenization

Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
Introduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber SecurityIntroduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber Security
pivisoc989
 
Review on Fraud Detection in Electronic Payment Gateway
Review on Fraud Detection in Electronic Payment GatewayReview on Fraud Detection in Electronic Payment Gateway
Review on Fraud Detection in Electronic Payment Gateway
IRJET Journal
 
An ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation NetworkAn ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation Network
dbpublications
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
ITIO Innovex
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-securityKerri Lorch
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptx
Akash588342
 
Electronic payment by ahmad
Electronic payment by ahmadElectronic payment by ahmad
Electronic payment by ahmad
Mohd. Ahmad Siddiqi
 
Attacks on Point of Sale systems - By Symantec
Attacks on Point of Sale systems - By SymantecAttacks on Point of Sale systems - By Symantec
Attacks on Point of Sale systems - By Symantec
CheapSSLsecurity
 
micro payments using coin
micro payments using coinmicro payments using coin
micro payments using coin
Naga Dinesh
 
Tellerpass - an OTP SIM applet for Banking
Tellerpass - an OTP SIM applet for BankingTellerpass - an OTP SIM applet for Banking
Tellerpass - an OTP SIM applet for Banking
Yiannis Hatzopoulos
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Hai Nguyen
 
Tokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data StorageTokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data Storage
- Mark - Fullbright
 
Key Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment SystemsKey Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment Systems
ITIO Innovex
 
How might cryptocurrencies impact
How might cryptocurrencies impactHow might cryptocurrencies impact
How might cryptocurrencies impact
OliviaJune1
 
Digital Payments - Netcetera Innovation Summit 2018
Digital Payments - Netcetera Innovation Summit 2018Digital Payments - Netcetera Innovation Summit 2018
Digital Payments - Netcetera Innovation Summit 2018
Netcetera
 
Blockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet AppBlockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet App
Raja Muhd Amiruddin Raja Chulan
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Online Payment System using Steganography and Visual Cryptography
Online Payment System using Steganography and Visual CryptographyOnline Payment System using Steganography and Visual Cryptography
Online Payment System using Steganography and Visual Cryptography
IJCERT
 

Similar to Payment Tokenization (20)

Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
 
Introduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber SecurityIntroduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber Security
 
Review on Fraud Detection in Electronic Payment Gateway
Review on Fraud Detection in Electronic Payment GatewayReview on Fraud Detection in Electronic Payment Gateway
Review on Fraud Detection in Electronic Payment Gateway
 
An ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation NetworkAn ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation Network
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-security
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptx
 
Electronic payment by ahmad
Electronic payment by ahmadElectronic payment by ahmad
Electronic payment by ahmad
 
Attacks on Point of Sale systems - By Symantec
Attacks on Point of Sale systems - By SymantecAttacks on Point of Sale systems - By Symantec
Attacks on Point of Sale systems - By Symantec
 
micro payments using coin
micro payments using coinmicro payments using coin
micro payments using coin
 
Tellerpass - an OTP SIM applet for Banking
Tellerpass - an OTP SIM applet for BankingTellerpass - an OTP SIM applet for Banking
Tellerpass - an OTP SIM applet for Banking
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
 
Tokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data StorageTokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data Storage
 
Key Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment SystemsKey Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment Systems
 
How might cryptocurrencies impact
How might cryptocurrencies impactHow might cryptocurrencies impact
How might cryptocurrencies impact
 
Tokenization
TokenizationTokenization
Tokenization
 
Digital Payments - Netcetera Innovation Summit 2018
Digital Payments - Netcetera Innovation Summit 2018Digital Payments - Netcetera Innovation Summit 2018
Digital Payments - Netcetera Innovation Summit 2018
 
Blockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet AppBlockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet App
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Online Payment System using Steganography and Visual Cryptography
Online Payment System using Steganography and Visual CryptographyOnline Payment System using Steganography and Visual Cryptography
Online Payment System using Steganography and Visual Cryptography
 

More from Hamid Ghorbani

Spring aop
Spring aopSpring aop
Spring aop
Hamid Ghorbani
 
Spring boot jpa
Spring boot jpaSpring boot jpa
Spring boot jpa
Hamid Ghorbani
 
Spring mvc
Spring mvcSpring mvc
Spring mvc
Hamid Ghorbani
 
Reactjs Basics
Reactjs BasicsReactjs Basics
Reactjs Basics
Hamid Ghorbani
 
Rest web service
Rest web serviceRest web service
Rest web service
Hamid Ghorbani
 
Java inheritance
Java inheritanceJava inheritance
Java inheritance
Hamid Ghorbani
 
Java I/o streams
Java I/o streamsJava I/o streams
Java I/o streams
Hamid Ghorbani
 
Java Threads
Java ThreadsJava Threads
Java Threads
Hamid Ghorbani
 
Java Reflection
Java ReflectionJava Reflection
Java Reflection
Hamid Ghorbani
 
Java Generics
Java GenericsJava Generics
Java Generics
Hamid Ghorbani
 
Java collections
Java collectionsJava collections
Java collections
Hamid Ghorbani
 
Java programming basics
Java programming basicsJava programming basics
Java programming basics
Hamid Ghorbani
 
IBM Integeration Bus(IIB) Fundamentals
IBM Integeration Bus(IIB) FundamentalsIBM Integeration Bus(IIB) Fundamentals
IBM Integeration Bus(IIB) Fundamentals
Hamid Ghorbani
 
ESB Overview
ESB OverviewESB Overview
ESB Overview
Hamid Ghorbani
 
Spring security configuration
Spring security configurationSpring security configuration
Spring security configuration
Hamid Ghorbani
 
SOA & ESB in banking systems(Persian language)
SOA & ESB in banking systems(Persian language)SOA & ESB in banking systems(Persian language)
SOA & ESB in banking systems(Persian language)
Hamid Ghorbani
 

More from Hamid Ghorbani (16)

Spring aop
Spring aopSpring aop
Spring aop
 
Spring boot jpa
Spring boot jpaSpring boot jpa
Spring boot jpa
 
Spring mvc
Spring mvcSpring mvc
Spring mvc
 
Reactjs Basics
Reactjs BasicsReactjs Basics
Reactjs Basics
 
Rest web service
Rest web serviceRest web service
Rest web service
 
Java inheritance
Java inheritanceJava inheritance
Java inheritance
 
Java I/o streams
Java I/o streamsJava I/o streams
Java I/o streams
 
Java Threads
Java ThreadsJava Threads
Java Threads
 
Java Reflection
Java ReflectionJava Reflection
Java Reflection
 
Java Generics
Java GenericsJava Generics
Java Generics
 
Java collections
Java collectionsJava collections
Java collections
 
Java programming basics
Java programming basicsJava programming basics
Java programming basics
 
IBM Integeration Bus(IIB) Fundamentals
IBM Integeration Bus(IIB) FundamentalsIBM Integeration Bus(IIB) Fundamentals
IBM Integeration Bus(IIB) Fundamentals
 
ESB Overview
ESB OverviewESB Overview
ESB Overview
 
Spring security configuration
Spring security configurationSpring security configuration
Spring security configuration
 
SOA & ESB in banking systems(Persian language)
SOA & ESB in banking systems(Persian language)SOA & ESB in banking systems(Persian language)
SOA & ESB in banking systems(Persian language)
 

Recently uploaded

Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
Jelle | Nordend
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Hivelance Technology
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
Sharepoint Designs
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 

Recently uploaded (20)

Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 

Payment Tokenization

  • 1. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Tokenization: Tokenization is one innovative technology that banks use to protect customers from fraud. It is the process of substituting a sensitive data element with a unique non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. Tokenization is one of the simplest ways to begin to protect your customers, your business in the face of a data breach. Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks. Since the token is not a primary account number (PAN), it can't be used outside the context of a specific unique transaction with that particular merchant. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration. ‫توكنايزيشن‬‫كﻼهبرداري‬ ‫برابر‬ ‫در‬ ‫مشتريانشان‬ ‫از‬ ‫مواظبت‬ ‫براي‬ ‫بانكها‬ ‫كه‬ ‫است‬ ‫جديد‬ ‫و‬ ‫خﻼقانه‬ ‫تكنولوژي‬ ‫يك‬ ‫توكنايزيشن‬ .‫كنند‬ ‫مي‬ ‫استفاده‬‫اي‬ ‫پروسه‬‫مي‬ ‫جايگزين‬ ‫يكتا‬ ‫حساس‬ ‫غير‬ ‫ديتاي‬ ‫يك‬ ‫با‬ ‫حساس‬ ‫ديتاي‬ ‫آن‬ ‫در‬ ‫كه‬ ‫است‬ ‫شود‬‫توكنايزيشن‬ ‫بانكي‬ ‫هاي‬ ‫پرداخت‬ ‫زمينه‬ ‫در‬ .‫به‬‫معني‬‫جايگزين‬‫كردن‬‫اطﻼعات‬‫حساس‬‫كارت‬ ‫شماره‬ ‫مانند‬ ‫كارت‬ ‫با‬ ‫غيره‬ ‫و‬ ‫كارت‬ ‫انقضاء‬ ‫تاريخ‬ ،‫يك‬.‫باشد‬ ‫مي‬ ‫توكن‬ ‫مفهوم‬‫توكنايزيشن‬‫براي‬‫اولين‬‫بار‬‫توسﻂ‬‫انجمن‬TCH‫كه‬‫متشكل‬‫از‬22‫بانك‬‫تجاري‬‫بزرگ‬‫آمريكاست‬‫مطرح‬ ‫گرديد‬.‫اين‬‫انجمن‬‫مستندي‬‫را‬‫در‬‫سال‬2013‫بعنوان‬‫مشخصات‬‫فني‬‫توكن‬‫منتشر‬‫كرد‬‫و‬‫سﭙﺲ‬‫در‬‫نيمه‬‫اول‬‫سال‬ 2014‫نيز‬‫يك‬‫نمونه‬‫از‬‫آن‬‫را‬‫پياده‬‫سازي‬‫نمود‬.‫با‬‫توجه‬‫به‬‫محدود‬‫بودن‬‫اين‬‫انجمن‬‫به‬‫بانكهاي‬،‫عضو‬‫اين‬‫مشخصات‬ ‫بعنوان‬‫يك‬‫استاندارد‬‫جهان‬‫ي‬‫درنيامد‬‫تا‬‫آنكه‬‫سال‬2014‫كنسرسيوم‬EMVCo‫شركتهاي‬ ‫از‬ ‫متشكل‬Europay, MasterCard‫و‬Visa‫استاندارد‬‫خود‬‫را‬‫در‬‫اين‬‫زمينه‬‫منتشر‬‫نمود‬.‫اين‬‫كنسرسيوم‬‫با‬‫انتشار‬‫استاندارد‬‫فوق‬،‫الذكر‬ ‫تمام‬‫مشخصات‬‫و‬‫ملزومات‬‫فني‬‫و‬‫همچنين‬‫نقشهاي‬‫جديدي‬‫كه‬‫بايد‬‫براي‬‫ارائه‬‫سرويﺲ‬‫توكنايزيشن‬‫فراهم‬‫گردد‬‫را‬ ‫مشخﺺ‬‫كرده‬‫است‬. Detokenization: ‫دي‬‫توكنايزيشن‬‫كردن‬ ‫نگاشت‬ ‫پرداخت‬ ‫سيستم‬ ‫در‬ ‫)مثﻼ‬ ‫آن‬ ‫اصلي‬ ‫مقدار‬ ‫به‬ ‫توكن‬ ‫يك‬ ‫كردن‬ ‫نگاشت‬ ‫پروسه‬ ‫به‬ ‫توكن‬ ‫دادن‬ ‫با‬ ‫آن‬ ‫در‬ ‫كه‬ ‫است‬ ‫توكنايزيشن‬ ‫معكوس‬ ‫فرياند‬ ‫ساده‬ ‫زبان‬ ‫به‬ .‫شود‬ ‫مي‬ ‫گفته‬ (‫كارت‬ ‫شماره‬ ‫به‬ ‫توكن‬ .‫آوريم‬ ‫بدست‬ ‫را‬ ‫اصلي‬ ‫اطﻼعات‬
  • 2. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid :‫پرداخت‬ ‫هاي‬ ‫روش‬ ‫مي‬ ‫كلي‬ ‫دسته‬ ‫سه‬ ‫به‬ ‫را‬ ‫بانكي‬ ‫پرداختهاي‬: ‫كرد‬ ‫تقسيم‬ ‫توان‬ 1) Online 2) Smart Phones 3) Cards :‫پرداخت‬ ‫هنگام‬ ‫در‬ ‫اطﻼعات‬ ‫از‬ ‫محافظت‬ ‫رايج‬ ‫تكنولوژيهاي‬ : ‫ميگيرد‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫اطﻼعات‬ ‫انتقال‬ ‫سازي‬ ‫ايمن‬ ‫براي‬ ‫زير‬ ‫تكنولوژي‬ ‫سه‬ ‫پرداخت‬ ‫سيستمهاي‬ ‫در‬ -tokenizaion -encryption(‫)رمزنگاري‬ -EMVCHIP‫شركت‬ ‫ستهاي‬ ‫چيپ‬ ‫تكنواوژي‬ ‫با‬ ‫بانك‬ ‫عابر‬ ‫)كارتهاي‬EMV( From a security perspective, Tokenization enhances security in an importantly different way than Encryption. While encryption is excellent to ensure confidentiality of the data encrypted, it only protects that data while it is encrypted. To be used for transaction processing, it is usually the case that the encrypted data must be decrypted to be used, and then re-encrypted to once again protect the data. Decrypted data is vulnerable to attack.
  • 3. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫اول‬ ‫نگاه‬ ‫در‬ ‫اگرچه‬encryption‫و‬tokenizaion‫عمل‬ ‫در‬ ‫اما‬ .‫آيند‬ ‫مي‬ ‫حساب‬ ‫به‬ ‫رمزنگاري‬ ‫از‬ ‫فرمهايي‬ ‫دو‬ ‫هر‬ ‫روش‬ .‫هستند‬ ‫هم‬ ‫از‬ ‫متفاوتي‬ ‫كامﻼ‬ ‫روشهاي‬ ‫دو‬ ‫اين‬encryption‫كليد‬ ‫از‬ ‫استفاده‬ ‫با‬،‫شود‬ ‫مي‬ ‫رمز‬ ‫نظر‬ ‫مورد‬ ‫ديتاي‬ ‫روش‬ ‫در‬ ‫اما‬tokenization.‫شود‬ ‫مي‬ ‫منتقل‬ ‫رمز‬ ‫غير‬ ‫و‬ ‫آشكار‬ ‫متن‬ ‫بصورت‬ ‫ديتا‬ ‫كل‬ : ‫پرداخت‬ ‫قديمي‬ ‫هاي‬ ‫روش‬ ‫در‬ ‫برداري‬ ‫كﻼه‬ ‫امكان‬ Payements, using traditional credit cards or even contactless cards, are often at risk of attack. For example, the reality is that credit cards cannot prevent Point-of-Sale (PoS) terminal attacks. The chip- on-card makes it extremely difficult for criminals to manufacture counterfeit credit cards using stolen data thus reducing counterfeit and lost or stolen card fraud. But that doesn’t protect these cards from other types of attacks, particularly those that look to steal data during a transaction. One common contactless attack is the relay attack. The attack chain consists of:  A relay reader device called a mole, which is placed in close proximity to the card being attacked.  A card emulator device called a proxy, which is used to communicate with the PoS terminal.  A fast communication channel between the relay and the proxy. ‫استف‬‫اده‬‫از‬‫كارتهاي‬‫كه‬ ‫است‬ ‫اين‬ ‫واقعيت‬ .‫است‬ ‫بوده‬ ‫روبرو‬ ‫هكرها‬ ‫حمله‬ ‫ريسك‬ ‫با‬ ‫همواره‬ ‫اعتباري‬ ‫كارتهاي‬ ‫ستني‬ ‫استف‬ ‫البته‬ .‫شوند‬ ‫پوز‬ ‫ترمينالهاي‬ ‫به‬ ‫حمله‬ ‫از‬ ‫جلوگيري‬ ‫باعث‬ ‫توانند‬ ‫نمي‬ ‫كارتهاي‬‫اده‬‫از‬‫كارتهاي‬‫مبتني‬‫بر‬EMV Chip‫ميتواند‬‫ك‬ ‫تر‬ ‫سخت‬ ‫جاعلين‬ ‫براي‬ ‫را‬ ‫شده‬ ‫دزديه‬ ‫يا‬ ‫گمشده‬ ‫كارتهاي‬ ‫جعل‬ ‫كار‬‫ند‬‫و‬‫امكان‬‫جعل‬‫كارت‬‫را‬ ‫كاهش‬،‫دهد‬‫اما‬‫بكارگيري‬‫اين‬،‫فناوري‬‫كاهش‬‫تقلبهاي‬‫غيركارتي‬‫و‬‫امنيت‬‫محيطهاي‬‫نوظهور‬‫كه‬‫از‬‫كانالهاي‬‫پرداخت‬ ‫گوناگون‬‫است‬‫ف‬‫اده‬‫ميكنند‬‫تراكنش‬ ‫انجام‬ ‫هنگام‬ ‫اطﻼعات‬ ‫دزدي‬ ‫بخصوص‬‫را‬‫پوشش‬‫نمي‬.‫دهد‬‫روشهاي‬ ‫از‬ ‫يكي‬
  • 4. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫حمله‬ ‫به‬ ،‫پرداخت‬ ‫دستگاههاي‬ ‫با‬ ‫تماس‬ ‫بدون‬ ‫حمله‬ ‫معروف‬relay‫دستگاه‬ ‫يك‬ ‫شامل‬ ‫حمله‬ ‫اين‬ .‫باشد‬ ‫مي‬ ‫معروف‬ ‫بنام‬mole‫به‬ ‫كه‬ ‫كارت‬ ‫ساز‬ ‫شبيه‬ ‫دستگاه‬ ‫يك‬ ‫و‬ (‫شود‬ ‫مي‬ ‫استفاده‬ ‫حمله‬ ‫مورد‬ ‫كارت‬ ‫اطﻼعات‬ ‫خواندن‬ ‫براي‬ ‫)كه‬ proxy‫ارت‬ ‫شبكه‬ ‫يك‬ ‫و‬ ‫رود‬ ‫مي‬ ‫كار‬ ‫به‬ ‫پوز‬ ‫با‬ ‫ارتباط‬ ‫براي‬ ‫و‬ ‫است‬ ‫معروف‬.‫شود‬ ‫مي‬ ‫دو‬ ‫اين‬ ‫بين‬ ‫سريع‬ ‫باطي‬ ‫در‬‫چنين‬‫شرايطي‬‫سي‬‫ستمهاي‬‫ن‬‫شانگذاري‬،‫پرداخت‬‫با‬‫جايگزين‬‫كردن‬‫شماره‬‫كارت‬‫با‬‫توكن‬ ‫يك‬‫قادرند‬‫بدست‬ ‫از‬ ‫مانع‬ ‫شوند‬ ‫كارت‬ ‫حقيقي‬ ‫اطﻼعات‬ ‫اوردن‬. : ‫است‬ ‫شده‬ ‫داده‬ ‫نشان‬ ‫كﻼهبرداري‬ ‫عمده‬ ‫روش‬ ‫سه‬ ‫نيز‬ ‫زير‬ ‫شكل‬ ‫در‬
  • 5. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫توكن‬‫دقيقا‬‫چيست‬‫اطﻼعات‬ ‫از‬ ‫محافظت‬ ‫باعث‬ ‫چگونه‬ ‫و‬‫كارت‬‫شود‬ ‫مي‬‫؟‬ ‫كه‬ ‫هنگامي‬ ‫و‬ ‫شود‬ ‫مي‬ ‫استفاده‬ ‫بانكي‬ ‫كارت‬ ‫شماره‬ ‫مثﻼ‬ ‫جاي‬ ‫به‬ ‫كه‬ ‫است‬ ‫يكتا‬ ‫عددي‬ ‫مقدار‬ ‫يك‬ ‫معموﻻ‬ ‫توكن‬ ‫دزديه‬ ‫توكن‬ ‫كه‬ ‫صورتي‬ ‫در‬ .‫ميگيرد‬ ‫قرار‬ ‫كارت‬ ‫شماره‬ ‫جاي‬ ‫به‬ ‫شود‬ ‫مي‬ ‫ارسال‬ ‫اينترنت‬ ‫شبكه‬ ‫در‬ ‫پرداخت‬ ‫اطﻼعات‬ ‫تواند‬ ‫نمي‬ ‫توكن‬ ‫طريق‬ ‫از‬ ‫سارق‬ ‫زيرا‬ ‫بود‬ ‫خواهد‬ ‫ارزش‬ ‫بي‬ ‫مقدار‬ ‫يك‬ ‫شود‬.‫بياورد‬ ‫بدست‬ ‫را‬ ‫كارت‬ ‫شماره‬‫مقادير‬ ‫شده‬ ‫نگاري‬ ‫رمز‬ ‫غير‬ ‫يا‬ ‫شده‬ ‫رمزنگاري‬ ‫بصورت‬ ‫تواند‬ ‫مي‬ ‫و‬ ‫باشد‬ ‫مي‬ ‫متنوع‬ ‫بسيار‬ ‫توكن‬ ‫فرمت‬ ‫نظر‬ ‫از‬ ‫توكن‬ ‫يك‬ .‫باشد‬ :‫توكن‬ ‫هاي‬ ‫قابليت‬ -.‫شود‬ ‫نگاشت‬ ‫مختلف‬ ‫استفاده‬ ‫براي‬ ‫مختلفي‬ ‫هاي‬ ‫توكن‬ ‫به‬ ‫است‬ ‫ممكن‬ ‫كارت‬ ‫شماره‬ ‫يك‬ -‫يك‬ ‫مختﺺ‬ ‫است‬ ‫ممكن‬ ‫ها‬ ‫توكن‬Merchant‫خاص‬ ‫دستگاه‬ ‫يا‬ ‫كانال‬ ، (‫پوز‬ ‫دستگاه‬ ‫صاحب‬ ‫يا‬ ‫)فروشنده‬ ‫شوند‬ ‫توليد‬ ‫خاص‬ ‫دستگاه‬ ‫يا‬ ‫كانال‬ ‫يا‬ ‫فروشنده‬ ‫يك‬ ‫براي‬ ‫خاص‬ ‫بطور‬ ‫يعني‬ ،‫باشند‬. -‫را‬ ‫ها‬ ‫توكن‬‫توان‬ ‫مي‬.‫كرد‬ ‫توليد‬ ‫مصرف‬ ‫بار‬ ‫چند‬ ‫يا‬ ‫مصرف‬ ‫يكبار‬ ‫بصورت‬‫هر‬ ‫به‬ ‫توكن‬ ‫اگر‬ ،‫روش‬ ‫اين‬ ‫در‬ ‫توكن‬ ‫اينكه‬ ‫بدليل‬ ،‫شود‬ ‫دزديده‬ ‫دليلي‬‫تعيين‬ ‫محيﻂ‬ ‫از‬ ‫خارج‬ ‫و‬ ‫اند‬ ‫شده‬ ‫طراحي‬ ‫خاصي‬ ‫محيﻂ‬ ‫اساس‬ ‫بر‬ ‫ها‬ .‫باشد‬ ‫مي‬ ‫كمتر‬ ‫بسيار‬ ‫برداري‬ ‫كﻼه‬ ‫امكان‬ ،‫نيستند‬ ‫استفاده‬ ‫قابل‬‫هاي‬ ‫توكن‬ ‫به‬ ‫كارت‬ ‫شماره‬ ‫يك‬ ‫زير‬ ‫شكل‬ ‫در‬ .‫هستند‬ ‫استفاده‬ ‫قابل‬ ‫خاصي‬ ‫محيﻂ‬ ‫براي‬ ‫كدام‬ ‫هر‬ ‫كه‬ ‫شده‬ ‫نگاست‬ ‫مختلفي‬
  • 6. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫توكن‬ ‫مختلف‬ ‫انواع‬: ‫دست‬ ‫سه‬ ‫به‬ ‫را‬ ‫ها‬ ‫توكن‬‫ه‬‫زير‬.‫كرد‬ ‫تقسيم‬ ‫توان‬ ‫مي‬ - Acquirer Token - Issuer Token - Payment Token Acquiring tokens: Acquiring tokens replace card data with a substitute value and are created after a cardholder presents the card. There are many types of acquiring tokens that are effective in both brick and mortar and e- commerce channels. These tokens may be provided by acquirers, processors, gateways, terminal vendors, financial technology (fintech) companies, or may be generated directly by a merchant. An acquiring token is generally not a form of payment but is used for critical business functions where the merchant does not need to know the original PAN. Had the above merchant been using acquiring tokens for its loyalty system, the card data would not have been available to the attackers when they first accessed that database. ‫توكنهاي‬) ‫پذيرندگي‬Acquirer Token() ‫پوز‬ ‫دستگاه‬ ‫صاحب‬ ‫و‬ ‫فروشنده‬ ‫بين‬ ‫بسته‬ ‫محيﻂ‬ ‫در‬ ‫كه‬Merchant‫و‬ ( ) ‫پذيرنده‬acquirer‫فر‬ ‫محيﻂ‬ ‫از‬ ‫حساس‬ ‫ديتاي‬ ‫حذف‬ ‫براي‬ ‫و‬ ‫شود‬ ‫مي‬ ‫استفاده‬ (.‫شود‬ ‫مي‬ ‫استفاده‬ ‫وشنده‬‫توكن‬ ‫اين‬ .‫شوند‬ ‫توليد‬ ‫فروشنده‬ ‫توسﻂ‬ ‫مستقيما‬ ‫يا‬ ‫تك‬ ‫فين‬ ‫شركتهاي‬ ،‫پذيرنده‬ ‫توسﻂ‬ ‫است‬ ‫ممكن‬ ‫ها‬‫استاندارد‬ ‫اساس‬ ‫بر‬(PCI Data Security Standard) PCI DSS‫پذيرندگان‬‫به‬‫جاي‬‫ذخيره‬PAN‫مشتريانشان‬‫در‬‫سيستم‬‫هاي‬‫بازاريابي‬ ‫خود‬ ‫واسﻂ‬ ‫و‬‫مقادير‬‫جايگزين‬‫همان‬ ‫يا‬‫توكن‬‫ذخيره‬ ‫سيستمها‬ ‫آن‬ ‫در‬ ‫را‬‫مي‬‫ك‬.‫نند‬‫روشهاي‬‫متعددي‬‫جهت‬‫ايجاد‬‫اين‬ ‫توكنها‬‫مورد‬‫استفاده‬‫قرار‬‫ميگيرند‬،‫همچون‬‫استفاده‬‫از‬‫اعداد‬‫تصادفي‬‫و‬‫يا‬‫روشهاي‬‫بهم‬.‫ريختگي‬‫اينگونه‬‫توكن‬‫ها‬ ‫نمي‬‫توانند‬‫جهت‬‫ايجاد‬‫يك‬‫تراكنش‬‫مورد‬‫استفاده‬‫قرار‬‫گيرند‬‫و‬‫در‬‫صورت‬،‫ضرورت‬‫بايد‬‫ابتدا‬PAN‫بازيابي‬‫شود‬ (De-Tokenization)‫و‬‫سﭙﺲ‬‫تراكنش‬‫ايجاد‬.‫شود‬‫البته‬‫نكته‬‫بسيار‬‫مهم‬‫اينست‬‫كه‬‫بازيابي‬PAN‫از‬‫روي‬‫توكن‬ ‫بصورت‬‫الگوريتميك‬‫امكانﭙذير‬‫نيست‬‫و‬‫صرفا‬‫از‬‫طريق‬‫يك‬‫جدول‬‫تناظر‬‫بدست‬‫خواهد‬‫آمد‬‫و‬‫اين‬‫جدول‬‫صرفا‬‫در‬ ‫محيطي‬‫ذخيره‬‫ميشود‬‫كه‬‫با‬‫الزامات‬PCI DSS‫سازگار‬‫باشد‬.
  • 7. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Issuer Token: Issuer tokens are issuer-created account number replacements, often deployed as one-time-account numbers, also called one-time use virtual cards. These are used in unique scenarios where it is desirable to limit an account number to a single use, a set dollar amount, or even a specific merchant. These types of tokens are generated by an issuer or on behalf of an issuer. These tokens are often used in the travel industry and the merchant is not always aware that they are receiving an issuing token as it works like a regular PAN today. Because of this inability to distinguish between PANs and issuer tokens, merchants should always treat these tokens as if they were regular unprotected card data. (Note: As Issuing tokens are a special use case and not in the merchant domain of control, they are not referenced in the illustrations above.) ‫توكن‬‫هاي‬‫صادركنندگي‬‫حسابهايي‬ ‫شماره‬ ‫حقيقت‬ ‫در‬ ،‫هستند‬ ‫معروف‬ ‫مصرف‬ ‫بار‬ ‫يك‬ ‫مجازي‬ ‫كارتهاي‬ ‫شماره‬ ‫به‬ ‫كه‬ ‫عنوان‬ ‫به‬ ‫و‬ ‫شوند‬ ‫مي‬ ‫توليد‬ ‫پذيرنده‬ ‫طرف‬ ‫از‬ ‫كه‬ ‫هستند‬.‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫مصرف‬ ‫بار‬ ‫يك‬ ‫حسابهاي‬ ‫شماره‬ ‫يك‬ ‫شبيه‬ ‫و‬ ‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫گردشگري‬ ‫صنعت‬ ‫در‬ ‫اغلب‬ ‫ها‬ ‫توكن‬ ‫اين‬PAN‫دليل‬ ‫به‬ ‫هستندو‬ ‫معمولي‬ ‫يك‬ ‫از‬ ‫ها‬ ‫توكن‬ ‫اين‬ ‫تشخيﺺ‬ ‫در‬ ‫توانايي‬ ‫عدم‬ ‫همين‬PAN‫كارتهايي‬ ‫عنوان‬ ‫به‬ ‫آنها‬ ‫با‬ ‫بايد‬ ‫هميشه‬ ‫ها‬ ‫فروشنده‬ ،‫حقيقي‬ ‫با‬.‫كنند‬ ‫برخورد‬ ‫نشده‬ ‫محافظت‬ ‫ديتاي‬ Payment Token Payment tokens are used to make a payment. Unlike acquiring tokens, the payment token, is used in place of the regular PAN. Payment token presentment usually occurs through a digital wallet contained on a smartphone or smart device. Payment tokens are also used for card-on-file transactions where a merchant may replace a database of recurring payment data with payment tokens. Inherently, payment tokens have a higher degree of security than acquiring tokens since the original cardholder data is not exposed inside of the merchant’s environment. Payment tokens are designed to be of such a low value to criminals, that the tokens do not require PCI DSS protection when used with dynamic cryptograms and/or domain controls. If the merchant had an acceptance channel that utilized payment tokens, the attacker would likely prefer to focus his efforts on another channel or another target altogether. ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫پرداخت‬ ‫يك‬ ‫ايجاد‬ ‫براي‬ ‫پرداخت‬ ‫هاي‬ ‫توكن‬.‫گيرند‬‫برخﻼف‬‫توكن‬ ، ‫پذيرندگي‬ ‫هاي‬ ‫توكن‬ ‫كارت‬ ‫شماره‬ ‫جايگزين‬ ‫عنوان‬ ‫به‬ ‫پرداخت‬ ‫هاي‬(PAN).‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬‫برنامه‬ ‫در‬ ‫معموﻻ‬ ‫ها‬ ‫توكن‬ ‫اين‬ ‫گردند‬ ‫مي‬ ‫ذخيره‬ ‫شده‬ ‫نصب‬ ‫امروزي‬ ‫هوشمند‬ ‫گوشي‬ ‫در‬ ‫كه‬ ‫پولي‬ ‫كيف‬ ‫هاي‬.‫تراكنهساي‬ ‫براي‬ ‫همچنين‬ ‫ها‬ ‫توكن‬ ‫اين‬ card on file.‫گيرند‬ ‫مي‬ ‫قرار‬ ‫استفاده‬ ‫مورد‬ ‫نيز‬‫هاي‬ ‫توكن‬ ‫به‬ ‫نسبت‬ ‫باﻻتري‬ ‫امنيت‬ ‫از‬ ‫ذاتي‬ ‫بصورت‬ ‫ها‬ ‫توكن‬ ‫اين‬
  • 8. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid .‫شود‬ ‫نمي‬ ‫ارسال‬ ‫ها‬ ‫فروشنده‬ ‫محيﻂ‬ ‫به‬ ‫كارت‬ ‫اصلي‬ ‫ديتاي‬ ‫اينكه‬ ‫دليل‬ ‫به‬ .‫هستند‬ ‫برخوردار‬ ‫پذيرندگي‬‫سه‬ ‫زير‬ ‫جدول‬ :‫كند‬ ‫مي‬ ‫مقايسه‬ ‫هم‬ ‫با‬ ‫را‬ ‫شده‬ ‫ذكر‬ ‫روش‬ ‫ك‬ ‫هر‬ ‫كه‬ ‫دهد‬ ‫مي‬ ‫نشان‬ ‫زير‬ ‫شكل‬:‫گيرند‬ ‫مي‬ ‫بر‬ ‫در‬ ‫را‬ ‫پرداخت‬ ‫سيستم‬ ‫از‬ ‫بخش‬ ‫كدام‬ ‫اطﻼعات‬ ‫محافظت‬ ‫روشهاي‬ ‫از‬ ‫دام‬
  • 9. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ‫استاندارد‬EMV‫براي‬payment Token: EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV® Specifications based on contact chip, contactless chip, EMV® 2nd Generation, Common Payment Application (CPA), card personalisation, Payment Tokenisation, and 3-D Secure. EMV cards are smart cards (also called chip cards or IC cards) that store their data on integrated circuits in addition to magnetic stripes (for backward compatibility). EMV stands for Europay, MasterCard, and Visa, the three companies that originally created the standard. The standard is now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover. In March 2014, EMVCo LLC released its first payment tokenization specification for EMV. ‫شركت‬ ‫تاسيﺲ‬ ‫از‬ ‫هدف‬EMV‫امن‬ ‫تراكنشهاي‬ ‫انجام‬ ‫در‬ ‫شركتها‬ ‫و‬ ‫بانكها‬ ‫بين‬ ‫همكاري‬ ‫تسهيل‬ ‫براي‬ ‫بستري‬ ‫ايجاد‬ ، .‫است‬ ‫آورده‬ ‫بوجود‬ ‫را‬ ‫استانداردهايي‬ ،‫پرداخت‬ ‫سيستم‬ ‫مختلف‬ ‫بخشهاي‬ ‫در‬ ‫شركت‬ ‫اين‬ ‫منظور‬ ‫اين‬ ‫براي‬ .‫باشد‬ ‫مي‬ ‫استانداردهاي‬EMV‫شامل‬:‫باشد‬ ‫مي‬ ‫زير‬ ‫موارد‬ contact chip, contactless chip, EMV 2nd Generation, Common Payment Application (CPA), card personalisation, Payment Tokenisa on, and 3-D Secure ‫شركت‬EMV‫شركتهاي‬ ‫از‬ ‫كنسرسيومي‬ ‫از‬ ‫متشكل‬ ‫كه‬Visa, Master‫و‬Europay‫ديگر‬ ‫شركت‬ ‫چند‬ ‫و‬‫در‬ ،‫باشد‬ ‫مي‬ ‫سال‬2014‫خود‬ ‫استاندارد‬ ‫از‬ ‫نسخه‬ ‫اولين‬‫توكنايزيشن‬ ‫مورد‬ ‫در‬‫را‬.‫كرد‬ ‫ارائه‬
  • 10. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Payment Token Issuance & Provisioning: Payment Tokens SHALL be issued through the response to the Token Request from only a registered Token Requestor recognised by the Token Service Provider with a valid Token Requestor ID. Payment Token Requests SHALL be subject to a designated ID&V assurance method based on the Requested Assurance Level agreed to by the Token Requestor and the Token Service Provider. Payment Token issuance may also involve provisioning of the Payment Token to the Token Requestor. Payment Token provisioning occurs after the Payment Token has been generated and the assurance steps are completed. The methodologies associated with the provisioning may be proprietary to each Token Service Provider and are outside the scope of this specification. Payment Token provisioning is performed through an interface between the Token Requestor and the Token Service Provider. Token Service Providers may also opt to implement Payment Token issuance and provisioning through the use of specially designated and flagged ISO 8583-based authorisation request messages to perform the Payment Token Request and transport ID&V information to the Token Service Provider for subsequent processing. In such a case, ISO 8583-based authorisation response messages can be used to return the Payment Token and associated Token Expiry Date back to the Token Requestor. :‫پرداخت‬ ‫توكن‬ ‫اعطاي‬ ‫و‬ ‫صدور‬ ‫با‬ ‫مطابق‬ ‫كه‬ ‫تراكنشي‬ ‫انجام‬ ‫براي‬‫استاندار‬‫د‬‫توكنايزيشن‬EMVCo‫شماره‬ ‫جاي‬ ‫به‬ ‫يعني‬ ،‫باشد‬PAN‫توكن‬ ‫يك‬ ‫از‬ ، .‫نماييم‬ ‫تهيه‬ ‫پرداخت‬ ‫توكن‬ ‫يك‬ ‫بايد‬ ‫ابتدا‬ ‫شود‬ ‫استفاده‬ ‫تراكنش‬ ‫انجام‬ ‫براي‬ ‫پرداخت‬‫فر‬‫ا‬‫يند‬‫صدور‬‫توكن‬‫د‬‫ر‬‫ابتداي‬ ‫استفاده‬‫از‬‫سيستم‬‫پرداخت‬‫ا‬‫انقضا‬ ‫از‬ ‫پﺲ‬ ،‫بايد‬ ‫شده‬ ‫تعريف‬ ‫انقضا‬ ‫تاريخ‬ ‫توكن‬ ‫براي‬ ‫اگر‬ .‫شود‬ ‫مي‬ ‫نجام‬، ‫ء‬‫سيستم‬ ‫تق‬ ‫مجددا‬‫ا‬:‫است‬ ‫شده‬ ‫داده‬ ‫نشان‬ ‫زير‬ ‫شكل‬ ‫در‬ ‫توكن‬ ‫درخواست‬ ‫فرايند‬ .‫كرد‬ ‫خواهد‬ ‫جديد‬ ‫توكن‬ ‫ضاي‬ ‫با‬ ‫ابتدا‬ .‫داريم‬ ‫پرداخت‬ ‫انجام‬ ‫قصد‬ ‫موبالمان‬ ‫روي‬ ‫بر‬ ‫شده‬ ‫نصب‬ ‫پول‬ ‫كيف‬ ‫اپ‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ميخواهيم‬ ‫كنيد‬ ‫فرض‬ ‫شماره‬ ‫كردن‬ ‫وارد‬PAN‫سامانه‬ ‫به‬ ‫درخواست‬ ‫يك‬ ‫پول‬ ‫كيف‬ ‫اپ‬ .‫كنيم‬ ‫مي‬ ‫توكن‬ ‫دريافت‬ ‫تقاضاي‬ ‫برنامه‬ ‫در‬Token
  • 11. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Requestor‫سامانه‬ .‫است‬ ‫شده‬ ‫ناميده‬ ‫دنا‬ ‫سامانه‬ ،‫مركزي‬ ‫بانك‬ ‫توسﻂ‬ ‫سامانه‬ ‫اين‬ .‫كند‬ ‫مي‬ ‫ارسال‬Token Requestor ‫به‬ ‫درخواست‬ ‫يك‬ ‫گرفته‬ ‫ما‬ ‫از‬ ‫را‬ (‫ديگر‬ ‫هويت‬ ‫احراز‬ ‫اطﻼعات‬ ‫و‬ ‫كارت‬ ‫رمز‬ ‫و‬ ‫كارت‬ ‫كارت)شماره‬ ‫اطﻼعات‬ ‫كه‬ ‫توكن‬ ‫سرويﺲ‬ ‫دهنده‬ ‫ارائه‬ ‫سامانه‬Token Service Provider (TSP)‫مركزي‬ ‫بانك‬ ‫توسﻂ‬ ‫سمانه‬ ‫اين‬ .‫كند‬ ‫مي‬ ‫ارسال‬ .‫است‬ ‫شده‬ ‫ناميده‬ ‫سهند‬‫سامانه‬TSP‫كنن‬ ‫صادر‬ ‫بانك‬ ‫با‬ ‫ارتباط‬ ‫از‬ ‫بعد‬‫وارد‬ ‫اطﻼعات‬ ‫صحت‬ ‫از‬ ‫اطمينان‬ ‫و‬ ‫كارت‬ ‫ده‬ ‫يا‬ ‫شده‬)ID&V(Identfication & Verification‫شماره‬ ‫همراه‬ ‫به‬ ‫و‬ ‫توليد‬ ‫را‬ ‫توكن‬ ،PAN‫در‬‫با‬ ‫متمركز‬ ‫سيستم‬ ‫يك‬ ‫آن‬ ‫به‬ ‫كه‬ ‫شوند‬ ‫مي‬ ‫نگاشته‬ ‫و‬ ‫ذخيره‬ ،‫توليد‬ ،‫باﻻ‬ ‫امنيت‬Token vault.‫شود‬ ‫مي‬ ‫گفته‬‫سامانه‬Token Vault‫توسﻂ‬ ‫مركزي‬ ‫بانك‬‫مانا‬‫است‬ ‫شده‬ ‫ناميده‬.‫ذخيره‬ ‫اپ‬ ‫در‬ ‫و‬ ‫شده‬ ‫برگردانده‬ ‫پول‬ ‫كيف‬ ‫اپ‬ ‫سمت‬ ‫به‬ ‫شده‬ ‫توليد‬ ‫توكن‬ ‫سﭙﺲ‬ .‫شود‬ ‫مي‬‫توكن‬‫صادر‬‫شده‬‫همانند‬‫داراي‬ ،‫كارت‬‫تاريخ‬‫انقضا‬‫ء‬‫باشد‬ ‫مي‬.‫تاريخ‬‫انقضاي‬‫توكن‬‫نمي‬‫تواند‬‫بيشتر‬‫از‬ ‫تاريخ‬‫انقضاي‬PAN‫متناظر‬‫باشد‬.‫براي‬ ‫نيز‬ ‫مختلفي‬ ‫هاي‬ ‫توكن‬ ،‫مختلف‬ ‫هاي‬ ‫محيﻂ‬ ‫به‬ ‫توجه‬ ‫با‬ ‫توان‬ ‫مي‬ ‫همچنين‬ ‫يك‬PAN‫كار‬ ‫اين‬ ‫با‬ ،‫كرد‬ ‫صادر‬‫باﻻ‬ ‫نيز‬ ‫توكن‬ ‫از‬ ‫استفاده‬ ‫امنيت‬.‫رود‬ ‫مي‬ ‫تر‬‫صد‬ ‫از‬ ‫بعد‬‫توكن‬ ‫ور‬،‫هر‬‫جا‬‫كه‬‫نيازي‬‫به‬ PAN،‫باشد‬‫توكني‬‫كه‬‫در‬‫اين‬‫مرحله‬‫صادر‬‫شده‬‫است‬‫جايگزين‬‫آن‬‫ميگردد‬. How does a transaction work: A scenario: STEP1: A consumer purchases goods or services from the merchant. In order to make the purchase, they would have to swipe, insert (for chip cards), or tap (for eWallets like Apple Pay) a valid credit cards to complete their payment. STEP 2: There are a variety of ways to transmit the information to the acquiring bank: - Standard terminal. The sales authorization request is submitted through a standard phone line connection to the acquiring bank. - IP terminal. The sales authorization request is submitted through an internet connection to the acquiring bank with a specially designed terminal. - Processing software. The sales authorization request is submitted through an internet connection to the acquiring bank using computer software (such as PC Charge) and a small magnetic stripe reader. No traditional terminal is needed. - Payment Processing Gateway. The sales authorization request is submitted through an automated internet website, which communicates with the acquiring bank. STEP 3: The acquiring bank routes the transaction to a processor and then to the associations – either Visa, MasterCard or Discover.
  • 12. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid STEP 4: The association system then routes the transaction to the issuing bank and requests an approval. STEP 5: The issuing bank sends back the response. If the cardholder is approved the issuing bank assigns and transmits the authorization code back to the association. STEP 6: The authorization code is sent from the card association to the acquiring bank. STEP 7: The acquiring bank routes the approval code or response to the merchant terminal. Depending on the merchant or transaction type, the merchant terminal may print a receipt for the cardholder to sign, which obligates the cardholder to pay the amount approved. STEP 8: The issuing bank bills the consumer . STEP 9: The consumer pays the bill to Issuing bank. ‫شكل‬ ‫در‬ ‫كه‬ ‫همانطور‬‫باﻻ‬‫موجود‬ ‫روشهاي‬ ‫از‬ ‫يكي‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ابتدا‬ ،‫پرداخت‬ ‫تراكنش‬ ‫يك‬ ‫انجام‬ ‫براي‬ ،‫پيداست‬ ‫پذيرنده‬ ‫سمت‬ ‫به‬ ‫تراكنش‬ ‫اطﻼعات‬ .‫كنيم‬ ‫مي‬ ‫آغاز‬ ‫را‬ ‫خود‬ ‫تراكنش‬ (‫فروشنده‬ ‫اپ‬ ‫يا‬ ‫سايت‬ ‫وب‬ ، ‫پوز‬ ‫از‬ ‫)استفاده‬ )acquirer‫توجه‬ ‫با‬ ‫پرداخت‬ ‫شبكه‬ ‫در‬ .‫شود‬ ‫مي‬ ‫ارسال‬ ‫پرداخت‬ ‫شبكه‬ ‫به‬ ‫آنجا‬ ‫از‬ ‫و‬ ‫ارسال‬ (‫درخواست‬ ،‫كارت‬ ‫شماره‬ ‫به‬ ‫صورت‬ ‫در‬ ‫سﭙﺲ‬ ‫و‬ ‫شود‬ ‫مي‬ ‫انجام‬ ‫كارت‬ ‫كننده‬ ‫صادر‬ ‫بانك‬ ‫از‬ ‫اطﻼعات‬ ‫صحت‬ ‫بررسي‬‫ص‬‫شبكه‬ ‫اطﻼعات‬ ‫بودن‬ ‫حيح‬ ) ‫فروشنده‬ ‫سمت‬ ‫به‬ ‫را‬ ‫نتيجه‬ ‫و‬ ‫تكميل‬ ‫را‬ ‫تراكنش‬ ‫پرداخت‬merchant.‫كند‬ ‫مي‬ ‫ارسال‬ (
  • 13. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid How does a tokenized transaction work: The following steps explain the flow of the standard Payment Token data fields in the authorisation message when a mobile device is used to present the Payment Token at the point of sale: 1. The mobile device will interact with the Merchant terminal, and pass the following key Payment Token data elements to the Merchant terminal. Payment Token will be passed in the existing PAN field and Token Expiry Date will be passed in the PAN Expiry Date field. 2. The Merchant terminal will pass the authorisation request to the Acquirer, carrying all the standard Payment Token fields as shown in the previous figure. 3. The Acquirer will perform standard processing checks, and pass the Payment Token data fields to the Payment Network. 4. The Payment Network will interface with the Token Service Provider to validate the Token, validate the Token Domain Restriction Controls, retrieve the PAN and verify the state of the Payment Token to PAN mapping in the Token Vault for the active Payment Token, and other controls that may be defined for that Payment Token. 5. The Payment Network will replace Payment Token and Token Expiry Date with PAN and PAN Expiry Date and will send the authorisation request to the Card Issuer,for authorization. 6. The Card Issuer completes the account-level validation and the authorisation checks, and sends an authorisation response to the Payment Network. 7. The Payment Network will replace the PAN with the Payment Token based on the mapping, and will pass it to the Acquirer as part of the authorisation response, in addition to other standard data elements. 8. The Acquirer will pass the authorisation response to the Merchant. 9. The consumer will be notified of the success or failure of the transaction.
  • 14. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid ،‫باﻻ‬ ‫شكل‬ ‫به‬ ‫توجه‬ ‫با‬‫پرداخت‬ ‫تراكنش‬ ‫يك‬ ‫انجام‬ ‫براي‬‫توكن‬‫ا‬‫شده‬ ‫يز‬‫موجود‬ ‫روشهاي‬ ‫از‬ ‫يكي‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫ابتدا‬ ، ‫از‬ ‫)استفاده‬‫اپ‬‫يا‬ ‫پول‬ ‫كيف‬‫گوش‬ ‫كردن‬ ‫نزديك‬‫ي‬‫دستگاه‬ ‫به‬NFC‫تراكنش‬ ‫اطﻼعات‬ .‫كنيم‬ ‫مي‬ ‫آغاز‬ ‫را‬ ‫خود‬ ‫تراكنش‬ ( ،‫نيست‬ ‫موجود‬ ‫آن‬ ‫در‬ ‫مشتري‬ ‫كارت‬ ‫اطﻼعات‬ ‫و‬ ‫شده‬ ‫ساخته‬ ‫توكن‬ ‫از‬ ‫استفاده‬ ‫با‬ ‫اينبار‬ ‫كه‬‫از‬‫سمت‬‫فروشنده‬ )Mrechant() ‫پذيرنده‬ ‫سمت‬ ‫به‬acquirer‫شود‬ ‫مي‬ ‫ارسال‬ ‫پرداخت‬ ‫شبكه‬ ‫به‬ ‫آنجا‬ ‫از‬ ‫و‬ ‫ارسال‬ (‫سﭙﺲ‬ ،‫اطﻼعات‬ ‫سمت‬ ‫به‬ ‫توكن‬) ‫توكن‬ ‫سرويﺲ‬ ‫دهنده‬ ‫ارائه‬ ‫سيستم‬TSP(‫سيستم‬ ،‫شود‬ ‫مي‬ ‫ارسال‬TSP‫بودن‬ ‫معتبر‬ ‫بررسي‬ ‫از‬ ‫بعد‬ ‫شده‬ ‫گرفته‬ ‫نظر‬ ‫در‬ ‫امنيتي‬ ‫تمهيدات‬ ‫ساير‬ ‫و‬ ‫آن‬ ‫انتقضاي‬ ‫تاريخ‬ ‫و‬ ‫توكن‬)‫شده‬ ‫استفاده‬ ‫محيﻂ‬ ‫به‬ ‫توكن‬ ‫تعلق‬ ‫مانند‬( ‫شبكه‬ ‫اختيار‬ ‫در‬ ‫و‬ ‫استخراج‬ ‫را‬ ‫توكن‬ ‫با‬ ‫متناظر‬ ‫كارت‬ ‫شماره‬‫پرداخت‬‫قرار‬‫دهد‬ ‫مي‬‫شب‬ ،‫شماره‬ ‫اطﻼعات‬ ‫پرداخت‬ ‫كه‬ ‫كارت‬‫را‬ ‫تراكنش‬ ‫و‬‫مع‬ ‫از‬ ‫تا‬ ‫كند‬ ‫مي‬ ‫ارسال‬ ‫كارت‬ ‫كننده‬ ‫صادر‬ ‫بانك‬ ‫سمت‬ ‫به‬‫كارت‬ ‫شماره‬ ‫بودن‬ ‫تبر‬‫تراكنش‬ ‫مبلغ‬ ‫و‬ ،‫كند‬ ‫حاصل‬ ‫اطمينان‬‫فروشنده‬ ‫سمت‬ ‫به‬ ‫آن‬ ‫نتيجه‬ ‫و‬ ‫ثبت‬ ‫موفقيت‬ ‫با‬ ‫شده‬ ‫ذكر‬ ‫تراكنش‬ ‫سنجي‬ ‫اعتبار‬ ‫اتمام‬ ‫از‬ ‫بعد‬ ‫قرار‬ ‫مشتري‬ ‫اختيار‬ ‫در‬ ‫تراكنش‬ ‫رسيد‬ ‫و‬ ‫ارسال‬‫مي‬‫گيرد‬.
  • 15. Hamid Ghorbani (Tokenization) https://ir.linkedin.com/in/ghorbanihamid Resouces: http://www.fidelitypayment.com/resources/what_are_merchant_services http://www.contactlesspaymentcards.com/whatistokenizationpayments.php http://www.protegrity.com/difference-tokenization-encryption/ EMV® Payment Tokenisation Specification ebook