Tokenisation: an innovator’s safe shortcut to invisible banking
There are many things that banking needs to be – quick, efficient, and seamless, to name but a few. But none of that counts for anything if it isn’t safe.
So how easy is it to be safe in a world of fraud and hacking and the countless other threats to our data and finances? The answer is, with tokenisation, it’s extremely easy.
If, for example, you’re developing a health and wellbeing app or a new real estate website, chances are you haven’t thought about what it takes to build banking-grade applications. And why should you have? You want to offer services to your customers, not run a bank.
But if a company’s infrastructure isn’t PCI DSS (Payment Card Industry Data Security Standard) compliant, then it’s not secure enough to handle card-sensitive information for customers. This puts a serious spanner in the works when it comes to banking your customers.
One solution is to become PCI DSS certified. But this takes a long time and puts the brakes on a company’s ability to sell anything while they upgrade their IT infrastructure, write up lengthy policies and fill out forms, all of which creates a serious overhead you have to maintain.
An alternative option is to scrap the painstaking PCI DSS compliance process and opt for outsourcing instead. But then you have to redirect customers to a third-party page every time they need to access bank-sensitive information. This creates a bad user experience as the customer switches from one site to another.
Being pushed from pillar to post to payment platform isn’t exactly a seamless process for the end customer. And today’s customers expect a seamless, frictionless experience, ideally completed in a click or two. So how can you get around this?
Weavr does away with these issues by utilising tokenisation. This is where sensitive data is swapped out for a non-sensitive token.
This means that the sensitive pieces of information, like card details, are securely stored elsewhere, while the token rests with the innovator. The token can then be translated into the sensitive data only when required and directly on the customer’s screen. By using a token to represent a card rather than handling card-sensitive information, you are safely outside the PCI DSS scope.
A direct link is created between Weavr and the customer, bypassing the innovator entirely. This means when it’s time to show card-sensitive details, these are shown to the customer safely and securely.
This takes the risk away from innovators, does away with the need to be PCI DSS compliant, and also acts as a white label solution, meaning your paying customers don’t have to be bounced around the internet to third party websites.
So, isn’t that what encryption is? Not exactly. They are closely related, but the primary difference is that with encryption, a piece of encrypted information can be decrypted if the encryption key is known. With tokenisation, there is no encryption key that can be stolen to obtain sensitive details. The token is translated into clear text only when the customer authenticates their identity.
With encryption, if someone gets hold of the key they can decrypt the encrypted information. With tokenisation the key is not shared and is always changing. So even if someone somehow manages to get hold of a token, it is only valid for a short period of time and cannot be exchanged for the clear text equivalent.
And if a single token were somehow to be compromised, all other tokens are still safe – unlike encryption, where a single breach with millions of sensitive records could lead to a disaster.
If encryption is the equivalent of hiding your front door key under a plant pot and hoping nobody finds it, tokenisation is the equivalent of hiding the key and changing the locks on your front door every half an hour as well.
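The model described above, as an added Python example that is not Weavr’s code: the vault keeps the card number, the innovator holds only a random token, and the token is exchanged for the card number only while it is unexpired and the card’s owner has authenticated. The class and method names, the 1800-second lifetime and the `authenticated_customer` argument (standing in for a verified customer session) are assumptions.

```python
import secrets
import time


class TokenError(Exception):
    """Raised when a token cannot be exchanged for card details."""


class TokenVault:
    """In-memory vault on the provider side (constructed for illustration)."""

    def __init__(self, ttl_seconds=1800, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed lifetime, not a value stated in the article
        self._clock = clock
        self._cards = {}          # card_id -> (owner, PAN); never leaves the vault
        self._tokens = {}         # token -> (card_id, expires_at)

    def store_card(self, owner, pan):
        card_id = secrets.token_hex(8)
        self._cards[card_id] = (owner, pan)
        return card_id

    def issue_token(self, card_id):
        if card_id not in self._cards:
            raise TokenError("unknown card")
        # Random value, not derived from the PAN: no key exists that reverses it.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (card_id, self._clock() + self._ttl)
        return token

    def detokenise(self, token, authenticated_customer):
        """Return the PAN only for a live token presented by the card's owner."""
        entry = self._tokens.get(token)
        if entry is None:
            raise TokenError("unknown token")
        card_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._tokens[token]   # an expired token is worthless to its holder
            raise TokenError("token expired")
        owner, pan = self._cards[card_id]
        if owner != authenticated_customer:
            raise TokenError("customer not authenticated for this card")
        return pan
```

The innovator’s systems store and pass around only the value returned by `issue_token`; the card number appears solely in the return value of `detokenise`, which in the flow the article describes goes straight to the customer’s screen.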
As with all elements of embedded banking, seamlessness and invisibility to the end customer should be paramount. Tokenisation is no different and happens behind the scenes without the customer realising it’s happening.
Data security is no luxury. It’s a regulated obligation and a legal requirement. But even the best security leaves you at risk, as the data is your responsibility.
Not only does tokenisation take away the burden of compliance or the cost of employing a team of IT security technicians, it takes the sensitive data out of your hands and the risk along with it.
And Weavr doesn’t only make banking safe, we make it invisible. You can embed tokenised data in your product so that it complements your company’s branding and user journey needs, making it a completely white label solution. Weavr are holding the sensitive data for you, and the end customer doesn’t even know we’re there.
That is what the customer wants – a straightforward, seamless, and safe approach to banking. So, why not offer it to them while getting the same peace of mind for yourself?
Embedding financial services into your product or service has never been simpler. The Weavr platform provides everything you need to integrate financial services seamlessly into your mobile app or SaaS application, safely, smoothly, and without the usual compliance burden. You can easily and quickly integrate banking capabilities such as cards, accounts and IBANs into your UX and workflows, for a seamless customer experience that directly enhances your offering.