Smart Tokens
In Open Banking, a token replaces identifying information (about the user and the user's bank account, or about the user and a payment request) with what appears to be a random string of characters and numbers. Nobody except the bank knows what the token actually means or what information it contains. Tokens are made even more inscrutable using encrypted communication between the
Smart tokens are at the heart of Token.io's Open Banking solution. Each token comprises three major components: asset, rules, and state. The asset is what the token represents (i.e., what it is being exchanged for). The rules govern how it can be used, when it can be used, by whom, and with whom. Its state reflects whether it is active (unused), canceled, or redeemed. In short, a token can be used only once, only by the party to whom it was originally issued, and strictly for the purpose for which it was issued, providing inherent security in each request-reply exchange.
A typical transfer token use case arises when a business (the payee) asks a member (the payer) to authorize a smart token to pay for an online purchase: “Allow Business XYZ to initiate a payment from my bank account to pay €224 for order 79262212.”
A typical access token use case is when a member (the grantor) authorizes a service (the grantee) to access and aggregate their bank account information.
A token is created upon successful user authentication with the bank. It contains all the details specified in the request.
Tokens are redeemed to execute a payment.
An unused token can be retrieved to check its status based on matching properties. Unredeemed tokens can be canceled at any time.
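The asset/rules/state model and the lifecycle described above can be sketched as a small state machine. This is an added illustration, not Token.io's SDK or the bank's implementation; the class, field, and method names (SmartToken, Rules, redeem, cancel) and the sample values are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    ACTIVE = "active"        # issued and unused
    CANCELED = "canceled"
    REDEEMED = "redeemed"

class TokenError(Exception):
    """Redemption or cancellation violated the token's rules or state."""

@dataclass(frozen=True)
class Rules:                 # hypothetical rule set: who may redeem, and for what
    redeemer: str            # the party the token was issued to (the payee)
    amount_cents: int
    currency: str
    reference: str           # purpose of the payment, e.g. the order number

@dataclass
class SmartToken:
    asset: str               # what the token represents, e.g. the payer's account
    rules: Rules
    state: State = State.ACTIVE

    def redeem(self, caller, amount_cents, currency, reference):
        # State is checked first, so a redeemed or canceled token cannot be replayed.
        # A real service would make this check-and-update atomic (e.g. one DB transaction).
        if self.state is not State.ACTIVE:
            raise TokenError(f"token is {self.state.value}")
        if caller != self.rules.redeemer:
            raise TokenError("caller is not the party the token was issued to")
        requested = (amount_cents, currency, reference)
        authorized = (self.rules.amount_cents, self.rules.currency, self.rules.reference)
        if requested != authorized:
            raise TokenError("request does not match the authorized purpose")
        self.state = State.REDEEMED
        return {"from": self.asset, "to": caller, "amount_cents": amount_cents,
                "currency": currency, "reference": reference}

    def cancel(self):
        # Unredeemed tokens can be canceled at any time; redeemed ones cannot.
        if self.state is State.REDEEMED:
            raise TokenError("a redeemed token cannot be canceled")
        self.state = State.CANCELED
```

A failed redemption attempt leaves the token active, so a rejected request from the wrong party does not consume the payer's authorization.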