The Payments Engineer Playbook

The Ultimate Guide to Payment Tokens

Tokens are the Beautiful Chaos of Payments: lots of innovation happening under the hood, and more of that keeps coming.

Alvaro Duran
Jul 09, 2025

There’s something magical about paying with cards. It is extremely unsafe to do it, and yet it is the most common way to buy things. Everywhere, all the time.

It’s not like the insecurity of card payments is a secret. On the contrary: cards are not safe by design. We’ve covered a few times in The Playbook how naive and insecure it is to share with an unknown website the 16 numbers on your card. These numbers open the gates to your bank account, and often to highly expensive, unsecured loans.

But the world keeps rolling: you pay with a card, and so do many other people worldwide.

Payment Cards Are An Insecure Protocol (Alvaro Duran, November 6, 2024)

Credit cards are the technical debt of the payments industry. They work so well that no other payment method has been able to topple them as the de facto standard way to purchase things, decades after they were invented.

And sure, we’ve got Apple and Google trying very hard at replacing the plastic card with smartphones.

But smartphones and plastic cards alike are mere conduits of what a payment card really is: those not-so-secret 16 numbers, the expiration date and the CVV. It is the data, not the vessel, that’s valuable.

Our physical experience at the counter has gone through a whirlwind of changes. We used to swipe and sign on the check; we now tap to pay, or scan a QR code. It’s not unlikely that some other way to authorize a payment will arise soon.

That’s the vessel part. The data part? It’s all the same since 1958: there’s a piece of data that an authority recognizes as your credentials.

This, in essence, is what tokens really are.

I’m Alvaro Duran, and this is The Payments Engineer Playbook. Over the last two weeks, I’ve been exploring how payment systems are made reliable, not with infrastructure, but with software. In order to provide the desired “always-on” capabilities that payment systems require, engineers often rely on software tricks rather than esoteric infra configurations.

This is the third installment of a 4-part series that expands on a talk I gave a few weeks ago, where I discussed these topics:

  • Production Testing

  • Redundancy

  • Tokenization (this article)

  • Fallbacks

Today, I’m talking about tokens: those UUID references that fly around every time some payment fails. They’re a crucial component of how payment systems orchestrate retries, because they’re a reference to those insecure credentials you’re not supposed to have, or share.

Tokens belong to the part of the payments infrastructure that’s changed a lot without anyone outside the industry really noticing. But, for payments engineers, tokens are not what they used to be, not even five years ago.

And, with Mastercard pledging to ban manual card entry by 2030, tokens are going to become foundational for payments, if they aren’t already.

This article focuses on:

  • How tokens solve the credit cards’ insecure protocol

  • The differences between Card-on-file, DPAN, MPAN, and network tokens

  • What people mean by “interoperability”, and its implications for privacy

  • Why you would use tokens for one-time payments

  • Yeah, some AI (I wish I didn’t have to, but it’s relevant).

On top of that, I’ve added some useful references at the end if you want to learn even more.

Enough intro, let’s dive in.

© 2025 Alvaro Duran Barata