Smart Tokens

In Open BankingProvides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces (APIs). Open banking will allow the networking of accounts and data across institutions for use by consumers, financial institutions, and third-party service providers., tokens replace identifying information about the user and the user's bank account information or the user and a payment request with what appears to be a random string of characters and numbers. Nobody knows what the token actually means or the information it contains except the bank. Tokens are made even more inscrutable using encrypted communication between the TPP, Token and the bank.

Smart tokens are at the heart of Token's Open Banking solution. Each token comprises three major components: asset, rules, and state. The asset is what the token represents (i.e., what it is being exchanged for). The rules govern how it can be used, when it can be used, by whom and with whom. Its state reflects whether or not it is active/unused, canceled, or redeemed. What this all boils down to is that a token can be used only once and only by the party to whom it was originally issued and strictly for the purpose for which it was issued, providing inherent security in each request-reply exchange.

For PSD2PSD2 stands for Payment Services Directive 2 and is a new EU regulation in effect since September 14, 2019. It governs electronic and other non-cash payments. The main provision of PSD2 is for Strong Customer Authentication (SCA), a process that seeks to make online payments more secure and reduce fraud while increasing authorisation rates. The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020., smart tokens come in two kinds: transfer tokens and access tokens. Transfer tokens authorize payment or the transfer of assets or funds from a payer to a designated payee. They function as programmable money. Access tokens authorize user-approved access to a member's bank account information. The type and level of access granted by the bank depends on the conditions set for the access token — “who,” “what,” “how,” and "when" that data can be accessed and "by whom".

A typical transfer token use case comes to bear when a business (the payee) requests a member (the payer) to authorize a smart token to pay for an online purchase: “Allow Business XYZ to initiate a payment from my bank account to pay €224 for order 79262212.“

A typical access token use case is when a member (the grantor) authorizes a service (the grantee) to access and aggregate their bank account information.

A token is created upon successful user authenticationStrong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments. with the bank. It contains all the details specified in the request.

Tokens are redeemed to execute a payment (single, future-dated, bulk transfers) or a series of payments (recurring, based on a standing order), or to access account information. For transactions, you will receive a transfer ID in a callback from Token after successfully initiating a payment on your user's behalf. This means the transfer token has been redeemed and no further action is required. For account information, the access token ID you receive in response to an AIS request is redeemed in accordance with the consent granted by the user for account balance(s) and/or transaction history.

An unused token can be retrieved to check its status based on matching properties. Unredeemed tokens can be canceled at any time.