Last updated: 01 August 2016
EMVCo has published a Tokenisation Framework in 2014, with new data fields (e.g. Token, Token Requestor ID, Token Cryptogram, Token Assurance Level, PAR etc.) to provide richer information about the payment transaction. The use of a payment token can be restricted by e.g. device, merchant, transaction type, date range or channel and the EMVCo Framework introduced two new entities: Token Requestor and Token Service Provider (TSP). Tokens are generated within a specific Token BIN range and flagged accordingly in all appropriate BIN tables and they can be issued with all possible CVMs (no, signature, on/offline PIN), determining the associated Token Assurance Level.
For Europe, limited changes on the Acquirer to Issuer switching domain are needed since most new data elements have no impact on the message exchange (new data element replaces already existing data element) and only few new data elements could have an impact (depending on scheme and use case).
ISO TC68/SC7/TG1 is working on integration of tokenisation in ISO8583 and ISO20022, covering token provisioning, management and processing (efforts are addressed at TSP APIs, not on internal TSP operations itself).
The Berlin Group will assess the impact on Berlin Group ISO8583 authorisation standards and SCC Framework clearing standards once the ISO documents will become available.