The Clearing House Payments Co. LLC is exploring implementing a token system to help protect sensitive consumer information for all automated clearing house transactions. TCH is already utilizing tokenized credit card numbers and is seeking to expand that system in the wake of so many security breaches in the past six months.
Credit card security came under immense scrutiny following major breaches beginning with Target Co. in November 2013.
A ‘token system’ uses a server-generated number to replace a customer’s credit card number. Banks use these token numbers to track any given transaction. Yet these token numbers aren’t sensitive as they’re essentially throw-away entities once a transaction is complete. This protects customers as their actual card number isn’t used while the information is vulnerable to theft. TCH already replaces credit card numbers with secure tokens but now they’re looking to expand this approach.
The expansion of this system would provide a significant security boost to ACH check processing as consumer information like bank accounts and routing numbers are static. A bank account number cannot be re-issued like a credit card and therefore it’s a sitting duck target for attackers. TCH’s looking at replacing bank account numbers and bank routing numbers, vulnerable during ACH check processing, with tokens within their system to provide an extra layer of security for consumers.
To pragmatically facilitate this system tokens will be made user-friendly. They frequently contain the same number of digits as the number they are masking and, in the case of credit cards, may even preserve the last 4 digits while protecting the rest of the credit card number.
There is the option in a token system to re-use the tokens and keep them static as a long-term disguise or to change more frequently. A dynamic system would be inconvenient for merchants taking repeated payments.