Home Industry Finance Insights: Here’s how to fight fraud with tokenisation As financial services become more sophisticated, so do the fraudulent techniques used by scammers. But this is where tokenisation can make a difference by Hussam Kayyal January 11, 2024 Image: Getty Images As financial services become more sophisticated, so do the fraudulent techniques used by scammers. But this is where tokenisation can make a difference Residents of the UAE have undoubtedly experienced their fair share of fraudulent phone calls and text messages from scammers attempting to obtain their personal information. Sixty-six per cent of UAE residents have received messages from scammers posing as their bank. With the growing threat of data scams, an increased need for security measures has emerged – measures that protect both customer data and the reputation of businesses. As the e-commerce industry in the GCC expands, the security of data in online payments is an important cause for concern. Fintech has evolved to deliver more ways to bank and buy online, however, it has also increased the risks associated with data security. Sure, we can now make a payment with just a tap, or auto-save our payment details in apps, but does that mean the merchant you’re paying, or anyone else for that matter, has access to your card details? Where tokenisation can help With the implementation of tokenisation, the answer is no. Payment tokenisation is a security technique used by financial institutions and merchants that replaces sensitive payment information, such as credit card numbers, with a unique set of characters. These characters, which are randomly generated by an algorithm, create a ‘token’. Tokens can pass through the internet or other wireless networks to process a payment without ever exposing credit card details. Tokenisation is the technology used for touch-and-go payments, such as Apple or Google Pay, and for in-app purchases. When these transactions occur, only the digital token is transmitted to the merchant or app, keeping card details completely secret and safe. It’s important to note that Tokenisation does not guarantee that security breaches won’t happen. It does, however, guarantee that if they do happen, vital data is protected. Since card data is replaced with a token that cannot be decoded or traced back to the owner, the token itself does not provide any value to scammers. In addition to enhanced safety, organisations can benefit from several advantages by implementing tokenisation. For example, it has great potential to help e-commerce businesses flourish by enabling merchants to accept subscriptions or recurring payments. Since tokens are used, the customer’s actual financial information is not stored with the business. This allows businesses to accept subscriptions or recurring payments, without bearing the risk of storing sensitive card information. It also enables faster and more efficient transactions by eliminating the need for intermediaries, such as banks, to validate transactions. This reduces transaction fees and settlement times, making it more cost-effective and efficient for businesses. With the UAE’s e-commerce market forecasted to increase by 60 per cent by 2025, tokenisation can support businesses through this surge. Another benefit is that tokenisation helps ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) – a globally recognised standard created to better control cardholder data and reduce credit card fraud. By ensuring compliance and simultaneously protecting customer information in the case of a security breach, tokenisation can safeguard companies against lawsuits and legal implications that could cost money and harm business reputation. And then there’s the invaluable advantage of trust. Almost half of all consumers in the region lose trust in a company whose name appears in fraudulent communication, despite the company having no actual connection to it. Tokenisation not only protects the reputation of your business, but helps build trust with your customers. In my experience working with a regional fintech company, you cannot put a price on ensuring the security of customer data. We’ve had the opportunity to develop end-to-end tokenisation solutions for a variety of financial institutions and merchants in the region. Using Android and iOS-certified software development kits, we’ve enabled functionality across mobile banking apps and touch-and-go payment systems. Another key to successful tokenisation solutions has been ensuring compliance with PCI DSS best practices. More applications And it’s not just card numbers that can be tokenised. A variety of sensitive information can be ‘tokenised’ by banks to enhance safety. Addresses, phone numbers and other personal details can be replaced with tokens so if unauthorised access occurs in banking systems, only tokens can be obtained, which have no value to scammers. Tokenisation can also be used in ATM transactions to ensure secure communication between the ATM and bank servers to prevent skimming and other attacks on ATM infrastructure. As financial institutions and businesses across the GCC continue to deliver more innovative, app-based customer experiences, they need to be more mindful than ever before of the evolving risks posed by online data fraud. Leveraging tokenisation protects customer data, but it also safeguards a company’s reputation. In a world where trust can so easily be breached, tokenisation is a vital tool to build and retain it. The writer is the chief revenue officer at Foo. Tags fraud inisghts Online Payments Technology Tokenisation You might also like Eight Sleep expands into UAE, offering smart sleep solutions Thales’ Elias Merrawe on shaping the future of flight Review: HMD Skyline – A fresh take on smartphone design Lenovo, world’s largest PC maker, to launch factory in Saudi Arabia