Is tokenization the answer to RTP fraud?

The introduction of real-time payments increases risk for financial institutions, as they now have seconds instead of days to identify fraudulent transactions.

Earlier this week, Rambus announced the launch of its Payment Account Tokenization solution to secure account-based transactions, such as automated clearing house (ACH) and real-time payments. The solution will enable central banks and clearing houses to replace sensitive account numbers with unique tokens and reduce the impact of fraud for transactions including direct credit, direct debit and person-to-person (P2P) payments.

“Real-time” payments come at the price of not being able to do slower legacy risk and fraud management checks, particularly any manual checks often triggered by large batch processes which many ACH systems heavily relied on when there was a business day or more to investigate before the transaction cycle completed”, a spokesperson from Rambus told PaymentEye.

“Instead these systems need fast and secure automated checks, such as token domain controls, to provide an alternative level of assurance.”

Payment Account Tokenization secures card payments by replacing the valuable account credentials with a cryptographic token. This process significantly reduces the risk and impact of account-based fraud as the foundation of a safe and secure instant payments framework. When implemented by a centralized body, like a central bank, Payment Account Tokenization reduces fraud and enables key use cases like P2P, direct credit, and push payments in real-time.

By removing account numbers from the transaction process completely, tokenization can significantly reduce the risk and impact of account-based fraud and create secure real-time payments frameworks.

“In card payments, tokenization has already proven its effectiveness for securing (card) account data at rest, such as eCommerce card on file, and context specific (token domain controls), as used in Mobile Payments, including insuring the integrity of the underlying credential if a data breach exposes any token – only that one specific payment relationship is impacted, and only that one token needs to be replaced.”

“For (bank) account payments, with account numbers to protect on both sides, and the opportunity for both push (direct credit) and pull (direct debit) transactions, the same security properties from tokenization can be used to provide protection of the underlying account credential, and automated (token validity and domain) checks to protect both parties accounts during any transaction.”

Related reading