The reality is that the tokenization technology securing Apple Pay, Samsung Pay and Android Pay transactions very effectively protects consumers from card fraud – and much more effectively than swiping a physical card, something consumers do routinely without hesitation.

As a credit union, you are well positioned to introduce members to digital wallet technology – and correct any misperceptions they may have. Taking the time to educate members on these valuable new resources will both help better secure their payments and ease the burden that card fraud places on your credit union.

Here is what your members need to know:

Near-Field Communication 101

NFC is the technology that facilitates Apple Pay, Samsung Pay and Android Pay at the point of sale. NFC enables contactless payments by allowing two separate devices that are each equipped with an NFC chip to exchange data when placed in very close proximity to each other. Today NFC technology is embedded in the vast majority of new card readers being manufactured and has been adopted by Starbucks, Macy's, Walgreens and Target. Look for many, many more retailers to follow suit in the near term.

Tokenization Basics

While NFC makes it possible for consumers to pay at checkout via a mobile device, tokenization is the method used by Apple Pay, Samsung Pay and Android Pay to secure contactless payments. It does this by replacing a personal account number (PAN) with a randomly generated number, or token. Because the token is specific to a given device, such as a smartphone, it cannot be used by a fraudster on any other device. When a contactless payment is initiated, a secure dynamic code is also transmitted that is specific to that transaction.

The primary reason that tokenization is highly secure is that it allows a consumer to conduct a contactless payment from end-to-end without transmitting an actual account number. The original PAN is not even stored on the phone and never passes hands to the merchant.

Instead, the PAN remains stored in highly secure token vaults behind the firewalls at payments networks. In the event that a token is compromised, it can be disabled and replaced by a new token. There is no need to close actual card accounts or reissue physical cards – all of that information remains safely out of the fraudster's reach. 

Securing Apple Pay

Apple was the first of the digital wallet providers to bring tokenization to consumers. Today, Apple Pay is available on the iPhone 6 and iPhone 6 Plus, and can also be used with the Apple Watch.

In order for tokenization technology to secure Apple Pay payments, a hardware component known as the Secure Element must be in place. For Apple Pay, the Secure Element is a physical chip that resides on the phone to prevent hardware and software attacks on the device. The Secure Element stores the token on the device and also assists in generating the one-time code for each payment transaction. Apple Pay transactions are further secured with biometrics, and today require the user to authenticate payments with a fingerprint.

Apple Pay also supports in-app purchases from participating merchants – look for the Apple Pay button as a payment option.

Tokenization by Samsung Pay

Samsung Pay is available on seven of the company's Galaxy smartphones today. Across these devices, tokenization secures NFC payments in very much the same way it secures Apple Pay transactions. Each time a purchase is made, the Samsung Pay handset sends two pieces of data to the payment terminal. The first is the 16-digit token that represents the credit or debit card number, and the second is the one-time code or cryptogram that's generated by the phone's encryption key. The user's fingerprint or PIN authentication is also required to authorize payments. 

Samsung Pay offers a unique benefit to consumers, which is the addition of Magnetic Secure Transmission (MST) technology. MST allows Samsung devices to work with card readers that are not yet NFC-enabled – which means that Samsung Pay is universally accepted at checkout, even at terminals that are limited to magnetic stripe or EMV technology. 

MST works by emitting a magnetic signal that simulates the magnetic stripe on a physical card and exchanges data directly with a terminal's card reader. As a result, consumers can enjoy the speed and convenience of Samsung Pay wherever they shop – and all of their transactions are protected by tokenization, whether or not the merchant has NFC in place.

Android Pay and Host Card Emulation

Android Pay allows users to pay for purchases with an Android phone running Kit Kat (4.4) or higher. As with Apple Pay and Samsung Pay, Android Pay transactions are secured through tokenization technology.

One major difference between Android Pay and its rivals is that it employs a special form of NFC called Host Card Emulation. Unlike Apple Pay and Samsung Pay, this technology does not use the Secure Element embedded in the phone, but instead stores credentials, including the token data, in the cloud. Because Android is an open source code with thousands of versions, the Secure Element is not a viable solution. 

Android Pay transactions can be authenticated using a PIN, password or pattern.  Android Pay also supports in-app purchases from participating merchants.

Beyond the Digital Wallet

While digital wallets go a long way toward securing mobile payments, other complementary technologies can help as well. Read more here to learn how credit unions and their members can further enhance payment security. 

CO-OP Financial Services is a financial technology company that supports its network of 3,500 credit unions and their 60 million members by providing a cutting-edge suite of customizable tools and services. The company was the first in its industry to merge purpose, innovation and technology to help credit unions advance the industry mission of "people helping people."

CO-OP partners with its clients to bring the latest digital wallet solutions through its Wallet Enablement service. Learn more here.