Total control over your Personal Data via the Token-based Loyalty Program
Tokenization is the process of converting meaningful data, such as the payment card number, into a random string of characters called a token that has no value if breached. Tokens reference the original data, but cannot be used to extract the information behind the token. Tokens are widely used in the payment card industry to protect the primary account number (PAN) of cardholders from hacking or unauthorized use. Both Apple Pay and Google Pay use tokens to facilitate contactless (NFC) payment via mobile devices.
The Token-based Loyalty Program repurposes an industry standard to allow payment cardholders to participate in an infinite number of merchant loyalty programs without disclosing their personal and confidential information. Currently merchants require a new member to share their personal data, such as phone number, email address, driving license before enrolling them into their loyalty program. This practice often results in serious and unintended consequences.Â
The Token-based loyalty program gives customers the peace of mind from hacking and loss of personal data. To enroll in the Token-based Loyalty Program, a user needs to register their payment card tokens into their account on the ValiDeck platform. Thereafter, every time the user initiates a transaction via the tokenized payment card, a copy of the transaction record linked to the payment card token, will be saved in their ValiDeck account.
Registering Tokenized Cards on ValiDeck
ValiDeck account holders request their payment card issuers to tokenize their payment card.
ValiDeck partner banks and card issuers tokenize payment cards issued by them and encrypt the token with the ValiDeck public key. The token is stored in the issuer database as a Key : Value pair with the matching card number.
Payment card issuers send the encrypted token to ValiDeck. The tokens can be decrypted only via the matching private key available at the ValiDeck platform.
ValiDeck decrypts the token and stores it in a queue. It then sends a notification of this to the issuer, which notifies the customer that the token is available for registration.
The customer registers the token into its account on the ValiDeck platform.
Linking Tokenized Cards with Transactions
ValiDeck account holders are able to capture their transaction records/invoices online into their account. To save the transaction record into their account, they use their payment card like any ordinary person. The card can be tapped, swiped, or inserted into a payment cube.
ValiDeck partner businesses and service providers request their acquiring bank for an authorization of the transaction and the token number linked to the card. The acquiring bank forwards this request to the payment network, which subsequently passes it to the payment card issuer.
Payment card issuers look up the customer account balance and authorize the transaction. The authorization is sent along with the linked token number to the payment network which forwards it to the acquiring bank. The token number is encrypted with the ValiDeck public key.
ValiDeck partner businesses and service providers receive the transaction authorization and the token number from the acquiring bank. The transaction record is linked with the token number via an API call and transmitted to the ValiDeck platform.
The ValiDeck system decrypts the token number and looks up the customer account containing the token number. Once the customer account is found, the transaction record is written into the ValiDeck database and linked to the customer account number.
