The National Retail Federation (NRF), Retail Industry Leaders Association (RILA), Food Marketing Institute (FMI), Merchant Advisory Group, National Association of Convenience Stores (NACS), National Grocers Association and National Restaurant Association (NRA) are jointly calling for an open and universal tokenization standard in the U.S. payments system.
The groups released a statement saying payment card data is currently vulnerable to theft where card information is swiped or entered, where card information is stored, and where it is transmitted.
The group is calling for payment industry stakeholders to adopt tokenization. Tokenization refers to the process of replacing sensitive account data and identity information with a unique token or symbol, making it less vulnerable to a security compromise. Tokens are randomly generated in a secure environment, like a coin vault, so that no data is stored or transmitted in an unsecure format.
“In order for the full benefits of tokenization technology to be realized by U.S. consumers and businesses, the standards for this technology must be created on an open platform that enables all technology providers to compete equally,” the statement said. “An open, interoperable platform will also ensure merchants can support the technology across multiple providers and make back-end security processes seamless for the customer experience.”
The statement also says tokenization will assist retailers in age verification identity checks, and storage and transmission of electronic health records and pharmacy prescriptions. Payment stakeholders are encouraged to participate in an accredited standards process, such as, but not limited to, the International Standards Organization (ISO) or American National Standards Institute (ANSI X.9), to create, maintain, and coalesce around an open solution approach to payments security.
The statement concludes that solutions for tokenization should align with the following guiding principles:
1. Subscribe to an open standards approach through an accredited standards-setting body.
2. Create a technology neutral platform allowing broad participation in the standard from technology stakeholders.
3. Allow participants to develop proprietary frameworks that operate in adherence to the standard.
4. Ensure the standard works for multiple payment environments, including e-commerce and m-commerce.
5. Require that intellectual property, such as coin vaults and common technology applications, be governed by the industry standards.
6. Require the standard be supported by all networks, brands and payments types (credit, debit, prepaid, ACH, etc.).