In an effort to make to make Internet and mobile transactions more secure, American Express has launched a new service that aims to replace payment card numbers with unique tokens.E-commerce sites and digital wallet applications that use the company’s new token service won’t have to store customers’ card details. Instead merchants, banks and payment processors will be able to work with digital tokens that are mapped to real payment card accounts.The payment tokens can be tied to specific merchants, transaction types or payment devices, limiting the ability of cybercriminals to misuse them if compromised. This means that widespread adoption of tokenization for card-not-present transactions would likely reduce fraud.Unlike payment card numbers, if tokens are compromised, they can easily be revoked and replaced without the need to physically reissue the cards they link back to. The American Express Token Service is based on the Payment Tokenization Specification and Technical Framework published this year by EMVCo, the organization that maintains the EMV standard for chip-enabled payment cards. It is already available in the U.S. and American Express plans to start rolling it out internationally in 2015.The service’s release comes at a time of growing mobile payments adoption, partially driven by the launch of Apple Pay, which also uses tokenization. Major U.S. and international banks are also planning to launch their own mobile payments apps next year. Those apps will likely use a technology called Host Card Emulation (HCE) that is present in NFC-enabled mobile devices running Android 4.4 “KitKat.” American Express has also developed network specifications for HCE to enable its card-issuing partners to use the technology. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe