MAG Insights

Announcements from the MAG & Featured Articles

MAG Sets Forth Merchant Requirements for Tokenization

Today, the Merchant Advisory Group (MAG) released a set of recommendations regarding the development of tokenization technology in the United States. Tokenization is a security process whereby sensitive information, such as credit or debit card data, is replaced with a unique token, symbol or other set of data so that the initial data set is completely hidden and devalued from potential cyber threats. Tokenization can be utilized well beyond payment card data. It can be used to mask driver’s license numbers, social security numbers, passport data, and even gift cards or electronic checks. Given the diverse nature of data points that can be incorporated into an effective tokenization solution, MAG member companies feel strongly that tokenization standards, which will serve as the base for many mobile commerce security platforms, must be developed through an open and democratic standards process. 

“Tokenization technology has the potential to provide the greatest level of protection against fraud, enhance competition, and provide the highest level of return on investment for commercial stakeholders,” said Merchant Advisory Group CEO, Mark Horwedel.  “Given the existing unhealthy level of market concentration in the payments industry, it is imperative that tokenization standards be developed in an open standards environment in order to ensure a competitive landscape under which the technology and all payments stakeholders can evolve and deploy the most effective data security measures for the benefit of U.S. businesses and consumers.” 

Many merchants, particularly in the e-commerce space, have developed their own tokenization solutions and products. These products and solutions protect data that is much broader than just payments, and were created to fill a security void, in part, created by lack of innovation by the card industry. The MAG strongly believes adoption of narrow, payment card-only tokenization schemes should not be required of any merchant or issuer by any network or processor unless the network or processor assumes all costs and liability associated with those transactions.   According to the Federal Reserve, merchants currently bear well over 70% of fraud losses on e-commerce debit transactions, and the MAG estimates that number is much higher for credit cards. 

“We are at a critical juncture in the development and deployment of this important security technology for mobile commerce,” said Horwedel. “The U.S. has the potential to be a world leader in laying the groundwork for strong mobile commerce security measures, but we cannot afford to put this process solely in the hands of the stakeholders who have kept the U.S. lagging behind the rest of the world in payments speed, security, and efficiency for the last half a century.”

The MAG recommendations focus on 1) open standards development and interoperability; 2) the deployment of the most effective security solutions; 3) fostering a competitive environment under which the technology is accessible, affordable, and able to evolve with marketplace demands; and 4) ensuring common sense business operations and data management.

View the full list of MAG recommendations

Other Resources:

View the joint merchant trade association statement supporting open tokenization standards creation

Read about MAG’s participation in the Accredited X.9 Standards Organization

More from MAG CEO, Mark Horwedel, on tokenization

Views from MAG Vice President, Liz Garner on tokenization

More views from MAG Vice President, Liz Garner on tokenization