Tokenization and Sodexo
Most of us today own and use a bank card to pay for merchandise for various goods and services. Sodexo has recently begun giving its boarders credit cards that can be used in a similar way within the benefits it offers.
The current trend is to use smart devices such as smartphones, watches, and bracelets to create a contactless transaction with a similar course and with the same result, that is, a payment. However, smart devices are generally not considered as a trustworthy environment comparable to a payment card, and this payment method needs to be protected from external influences and minimizing the risk of compromise that can lead to the disposal of funds.
Tokenization is a process by which the primary account number (PAN) is replaced with a surrogate value called a -token. De-tokenization is the reverse process of redeeming a token for its associated PAN value. The security of an individual token relies predominantly on the infeasibility of determining the original PAN knowing only the surrogate value.
The presentation will be devoted to the genesis of the payment tokenization of boarders of Sodexo cards in the Czech Republic, as well as to the enlargement for other European states. Within this we will discuss the aspects that play an important role in the implementation of the solution and its integration into the real world and use. We will show the main differences between native payment token deployments on mobile devices (such as Google Pay, Apple Pay) and our own apps. We will show models how to achieve the goal, which in this case is a credible way to use payment tokens to provide customer payments with minimal impact on the security of actual card data printed on plastic payment cards.
Roman Cinkais graduated at the Faculty of Mathematics and Physics at the Charles University in Prague, where started to devote himself to mathematical methods of information security. In this respect, continued as an information security specialist. His main focus is the analysis of security requirements of information systems as well as the design of the measures and protections in the framework of new and existing systems and technologies. In addition to information security, he also dealt with algorithmic trading on capital markets.
He is currently working for Diebold Nixdorf as consulting leader and supervisor for technical quality assurance. His focus is on creating measures for information security, especially in public key technologies, multi-factor authentication, biometrics, and cryptographic key management.