PYMNTS-MonitorEdge-May-2024

TCH: Tokenization Removes Fraud Risk From Account-to-Account Transfers

There’s a fundamental vulnerability within the great digital shift, amid the contactless payments, the digital wallets, the new and mobile ways in which we pay:

Sensitive account information — who you are, where you live, the data that makes you, well, you — travels right alongside the transaction.

The myriad data breaches that seem to make headlines on a daily basis only underscore the fact that fraudsters are still in hot pursuit of data.

In an interview with PYMNTS’ Karen Webster, Russ Waterhouse, the executive vice president of product and strategy with The Clearing House, noted that tokenization keeps that data from fraudsters. And gives the consumer better control over their financial interactions, transacting with ease and peace of mind.

Tokenization refers to random digits that replace sensitive information and protect account holders as money moves between banks. Instead of account and routing numbers, these tokens are the points of contact for initiating and requesting payments and linking payment accounts.

The conversation came as TCH announced the Secure Token Exchange, a service being made available to participating financial institutions (FIs).

The exchange issues tokens for FI account numbers as transactions are done across the real-time payments and ACH networks. Those tokens can also be shared with third-party FinTechs and data aggregators through third-party service provider Akoya’s own data access network.

Read also: The Clearing House Offers Tokenization to Boost Financial Security

Tokenization, said Waterhouse, largely eliminates risks inherent in making payments from bank accounts, because sensitive data cannot be compromised if it’s not available in the first place.

The fact that the personal information is not stored means that the fraudsters get away with … well, not very much at all.

Wrapper Around Credentials 

The newly announced TCH service, he said, acts as a wrapper around a credential to ensure that it is secure and tokenized. And in a bit of additional defense, if accounts are compromised by fraudsters, the tokens can be deactivated and rendered useless.

“If we need to, we can ‘kill’ it,” he said, “and we will replace it.”  That saves the friction inherent in the wake of data breaches, which necessitate that consumers close the compromised accounts and open new ones with the same FI.

The urgency is there to reduce the risks as consumers continue to transact with a growing number of entities. “Certainly in the FinTech world,” he said, “the risk that the credential is compromised in a data hack just increases each and every day.”

As Waterhouse noted, the payment networks have been tokenizing card and PAN numbers “forever. This is something that is well known.”

But through the exchange itself, tokenization will become available for deposits and checking accounts over the company’s automated clearing house (ACH) EPN network later in the quarter.

Looking ahead, he said, there will be a greater push around open banking — especially if it’s deemed more secure. Tokenization thus will make greater inroads in the U.S., given the fact that the RTP network reaches 61% of U.S. demand deposit accounts.

In terms of the use cases, Waterhouse offered up the fact that managing ACH debit payments can be a difficult proposition, at least as they are traditionally managed. Consider the hypothetical situation where a subscriber can call up the gym, several times, to try to cancel their membership — but they keep getting billed.

“And now [with tokenization], you’ve got the option to just say no — it’s easy and it’s a huge improvement,” said Waterhouse. “This offers a much stronger position for consumer control,” said Waterhouse, who added, “this is a big lift for everyone involved.”

PYMNTS-MonitorEdge-May-2024