What is personalization?
We are hard at work on the September milestones and will have progress to report soon. For this update, we wanted to provide some details about how your Pagaré is personalized with your credit card information and how that information is kept safe.
We’ve described previously how Pagaré uses tokenization to keep your credit card information secure by changing your primary account number (or PAN) into a surrogate piece of data called a token. As we detailed in last month’s update, the first step of the tokenization process is creating and loading a Security Domain on the Secure Element within Pagaré where the token is safely stored. The next step is loading the tokenized credit card. This process is called Personalization.
Pagaré must be personalized with a token of your PAN before you can use it to purchase goods and services at retail locations, and each credit card you want to use must go through this process separately.
Here’s how it works:
Step 1: Enter your credit card information
Using the Pagaré application you will be able to digitize your card by simply taking a picture with your phone’s camera. Easy peasy.
Step 2: Check and Verify Eligibility
The tokenization request is sent to the appropriate card network to check card and device eligibility. This means that your bank is part of the card network tokenization program and has approved Pagaré as a participating device.
Step 3: Terms & Conditions Request
If the card and device are eligible then the issuing bank sends back Terms and Conditions (T&C) for you to accept in order to tokenize your card.
Step 4: Tokenization Request
When the T&Cs are accepted then a token is requested from the card network, which is then passed to the card issuing bank.
At this point the issuing bank will either approve, decline or require additional consumer authentication for the tokenization request. Banks may require additional Identification and Verification (ID&V), also called a step-up authentication, by having the consumer call the bank or enter a code that is sent to them through email or text using the consumer contact information at the bank.
Step 5: Provisioning Request
A provision request is made to the platform indicating that the token should be provisioned to Pagaré.
Step 6: Tokenization
The platform creates a script containing APDU (application protocol data unit) commands needed to provision the token.
Step 7: Provisioning
Provisioning is completed OTA (over the air) by sending the APDU command script to Pagaré. These commands instruct the device to securely load the token in the appropriate Security Domain on the Secure Element embedded in the Pagaré smartstrap.
Step 8: Token Activation
When the token is successfully loaded then an acknowledgement, or provision receipt, is sent back and the token is mapped by the Token Service Provider (TSP) and activated by the issuing bank. A notification that the token is active and you can start using your Pagaré for that card is sent back to you.
For the case where the bank requires additional authentication (ID&V), the token mapping and activation are not completed until consumer verification is confirmed.
With Pagaré, this process happens instantly and seamlessly behind the scenes. The result is that you are able to securely use your Pagaré at retail locations without exposing your credit card data. That keeps your personal information safe, while you enjoy the convenience of paying with a simple wave of your wrist.
Watch for more updates soon.
The FitPay Team