At a time when both banks and retailers are reeling from a rash of payment-data breaches, a technology company that has developed a system some believe could stop these breeches has announced that it has secured new patent protection for its technology.
Mentor, Ohio-based CardinalCommerce Corp. said this week it has received new intellectual-property protection with regard to its Universal Merchant Platform invention, which is related to tokenization technology.
The announcement comes at a time when many observers believe retailers need to give greater attention to tokenization as a means to prevent the type of security breaches announced by Target, Neiman Marcus, and a host of other retailers during the past few months.
“Tokenization helps a lot of e-commerce firms avoid the data breaches we’ve been hearing about,” says Shirley Inscoe, senior analyst for Aite Group LLC. “This technology is extremely important because it avoids having retailers carry actual card numbers. So even if there is a breach at a retailer’s system, the data obtained would have no value.”
Cardinal’s tokenization technology provides a one-time-use number to represent a credit or debit card number. This random token moves through the payment system in the same form as a card number. If hackers were to gain access to the number, they would not have the ability to convert the one-time number into the actual card number.
In addition to providing greater protection to customer data, the tokenization system reduces PCI compliance costs, provides protection to digital-wallet transactions, and facilitates the acceptance of alternative-payment brands, explains Mike Keresman, CardinalCommerce’s chief executive.
The most recent patent expands Cardinal’s current intellectual-property protection, Keresman says. The company already has 37 patents related to its technology, with another 100 or more pending, he says.
Keresman agrees that there has been a lot more interest in tokenization systems since news broke of the recent data breaches. His company currently works with more than 40,000 retailers.
While some payments experts point to the Europay-MasterCard-Visa chip card as being the best solution to breaches, Keresman argues that EMV only solves part of the problem. “EMV does a good job of preventing counterfeit cards and makes it very expensive to commit fraud in the brick-and-mortar world,” he says.
But Keresman says EMV won’t prevent online fraud. Fraudsters who gain access to card numbers will still be able to use those numbers online. And if EMV shuts down card fraud at brick-and-mortar locations, that will push criminals even farther into the online commerce world, he says.
Steve Mott, chief executive of Stamford, Conn.-based consultancy BetterBuyDesign, agrees that an announcement about tokenization patents could not come at a more opportune time. “Tokenization is all the rage right now because people understand EMV and NFC [near field communication] have so many flaws and wouldn’t have done much to soften the blows form the data breaches,” Mott says.
While tokenization has been around for some time, CardinalCommerce has made the application work, Mott says. “CardinalCommerce has been busy trying to fix the plumbing on e-commerce so that merchants, and eventually issuers, wouldn’t suffer all the dangers of online transactions,” Mott says. “A lot of people were pretty skeptical about whether anyone would be able to come up with workable solutions, much less a little company in Mentor, Ohio.”