PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Tracked metadata: Sourced from EMVCo's public document index. PCI Watch records each document's details and its extracted text so changes can be tracked over time; the document PDF itself is hosted by EMVCo.
View on EMVCo.com →

EMV Payment Tokenisation A Guide to Use Cases v2.3_DRAFT: Comment Period ends 1 May 2026

v2.3 Draft Specification
Payment Tokenisation
Extracted document text

EMVCo's index flattens the document's layout, so this text is best used for searching and comparing versions rather than reading end-to-end.

This document is large; EMVCo's index truncates its extracted text, so the excerpt below is partial.

EMV® Payment Tokenisation A Guide to Use Cases Version 2.3 DRAFT April 2026 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Legal Notice Page i / xii This document is subject to change by EMVCo at any time. This document does not create any binding obligations upon EMVCo or any third party regarding the subject matter of this document, which obligations will exist, if at all, only to the extent set forth in separate written agreements executed by EMVCo or such third parties. In the absence of such a written agreement, no product provider, test laboratory or any other third party should rely on this document, and EMVCo shall not be liable for any such reliance. No product provider, test laboratory or other third party may refer to a product, service or facility as EMVCo approved, in form or in substance, nor otherwise state or imply that EMVCo (or any agent of EMVCo) has in whole or part approved a product provider, test laboratory or other third party or its products, services, or facilities, except to the extent and subject to the terms, conditions and restrictions expressly set forth in a written agreement with EMVCo, or in an approval letter, compliance certificate or similar document issued by EMVCo. All other references to EMVCo approval are strictly prohibited by EMVCo. Under no circumstances should EMVCo approvals, when granted, be construed to imply any endorsement or warranty regarding the security, functionality, quality, or performance of any particular product or service, and no party shall state or imply anything to the contrary. EMVCo specifically disclaims any and all representations and warranties with respect to products that have received evaluations or approvals, and to the evaluation process generally, including, without limitation, any implied warranties of merchantability, fitness for purpose or noninfringement. All warranties, rights and remedies relating to products and services that have undergone evaluation by EMVCo are provided solely by the parties selling or otherwise providing such products or services, and not by EMVCo, and EMVCo will have no liability whatsoever in connection with such products and services. This document is provided "AS IS" without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in this document. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT, AS TO THIS DOCUMENT. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to this document. EMVCo undertakes no responsibility to determine whether any implementation of this document may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of this document should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, this document may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement this document is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party's infringement of any intellectual property rights in connection with this document. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page ii / xii Revision Log – Version 2.3 DRAFT The following changes have been made to the document since the publication of version 2.2.1: • Minor editorial changes • In Section 4: o Modification of Token Issuance and Token Provisioning relationships to allow for PAN or Payment Token to be provided o Addition of new function for the A4. Token Service Provider – Authorised Entity (Token Requestor) relationship (Section 4.1.4) to support the use of Payment Tokens during Token Issuance • Addition of new use case example, Merchant Token Issuance with a Wallet Token (Section 8.9) • Addition of new use case variation, E-Commerce Transaction with a Token Cryptogram (Section 9.5) • Addition of new Payment Account Reference use case example, Co-badged Cards (Section 12.3) © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page iii / xii Contents Legal Notice ............................................................................................................. i Revision Log – Version 2.3 DRAFT........................................................................ ii Contents ................................................................................................................. iii Figures.................................................................................................................... ix Tables ..................................................................................................................... xi 1 Introduction ....................................................................................................... 1 1.1 Scope ......................................................................................................... 1 1.2 Overview .................................................................................................... 2 1.3 Audience .................................................................................................... 3 1.4 References ................................................................................................. 3 1.4.1 Published EMVCo Documents ........................................................ 4 1.5 Definitions .................................................................................................. 4 1.6 Notational Conventions .............................................................................. 4 1.6.1 Abbreviations .................................................................................. 4 1.6.2 Terminology and Conventions......................................................... 5 1.7 Further Information ..................................................................................... 6 2 Token Programme Participants........................................................................ 7 2.1 Card Issuers ............................................................................................... 7 2.2 Token Service Providers ............................................................................ 8 2.3 Token Requestors ...................................................................................... 9 2.4 Token Users ............................................................................................. 10 2.5 Payment Tokenisation Aggregators .......................................................... 12 2.5.1 Token Requestor Aggregators ...................................................... 12 2.5.2 Card Issuer Aggregators ............................................................... 13 3 Relationship Model Descriptions ................................................................... 15 3.1 Relationship Model Diagram..................................................................... 15 3.2 Understanding the Relationship Model Diagram ....................................... 17 4 Token Issuance and Token Provisioning ...................................................... 19 4.1 Token Issuance and Token Provisioning Relationships and Functions ..... 19 4.1.1 A1. Cardholder – Authorised Entity (Token Requestor)................. 20 4.1.2 A2. Cardholder – Merchant (Token User) ..................................... 20 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page iv / xii 4.1.3 A3. Merchant (Token User) – Authorised Entity (Token Requestor) ..................................................................................................... 20 4.1.4 A4. Token Service Provider – Authorised Entity (Token Requestor) ..................................................................................................... 20 4.1.5 A5. Card Issuer – Token Service Provider .................................... 21 4.1.6 A6. Card Issuer – Cardholder........................................................ 21 4.1.7 B1. Token Service Provider – Authorised Entity (Token Requestor) ..................................................................................................... 21 4.1.8 B2. Cardholder – Authorised Entity (Token Requestor)................. 21 4.1.9 B3. Merchant (Token User) – Authorised Entity (Token Requestor) ..................................................................................................... 22 4.1.10 Variations to Relationships............................................................ 22 4.2 Token Issuance Characteristics................................................................ 22 4.3 Token Provisioning Characteristics........................................................... 23 5 Token Presentment ......................................................................................... 24 5.1 Token Presentment Relationships and Functions ..................................... 24 5.1.1 5.1.2 5.1.3 5.1.4 C1. Consumer / Cardholder – Merchant........................................ 25 C2. Cardholder – Authorised Entity (Token Requestor)................. 25 C3. Merchant (Token User) – Authorised Entity (Token Requestor) ..................................................................................................... 25 Variations to Relationships............................................................ 25 5.2 Token Presentment Characteristics .......................................................... 26 6 Token Processing ........................................................................................... 27 6.1 Token Processing Relationships and Functions ....................................... 27 6.1.1 6.1.2 D1. Merchant – Existing Payment Ecosystem Entities .................. 28 D2. Authorised Entity (Token Requestor) – Existing Payment Ecosystem Entities........................................................................ 28 6.2 Token Processing Characteristics ............................................................ 28 7 Payment Token Characteristics ..................................................................... 30 8 Use Case Examples ........................................................................................ 32 8.1 Introduction .............................................................................................. 32 8.1.1 8.1.2 8.1.3 8.1.4 8.1.5 Relationship Models...................................................................... 32 Example Flows ............................................................................. 32 Payment Account Reference Data ................................................ 33 Proximity vs Non-proximity............................................................ 33 Digital Wallets ............................................................................... 34 8.2 Proximity at Point of Sale.......................................................................... 34 8.2.1 Use Case Overview – Problems Addressed & User Experience ... 35 8.2.2 Use Case Relationships and Functions......................................... 35 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page v / xii 8.2.3 8.2.4 8.2.5 8.2.6 8.2.7 Use Case Characteristics.............................................................. 38 Payment Token Characteristics .................................................... 39 Issuance Flow ............................................................................... 40 Transaction Flow........................................................................... 42 Variations of User Experience....................................................... 43 8.3 Online Wallet ............................................................................................ 44 8.3.1 8.3.2 8.3.3 8.3.4 8.3.5 8.3.6 8.3.7 Use Case Overview – Problems Addressed & User Experience ... 44 Use Case Relationships and Functions......................................... 44 Use Case Characteristics.............................................................. 47 Payment Token Characteristics .................................................... 48 Issuance Flow ............................................................................... 49 Transaction Flow........................................................................... 51 Variations of User Experience....................................................... 53 8.4 In-Application using a Consumer Device .................................................. 53 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.4.6 8.4.7 Use Case Overview – Problems Addressed & User Experience ... 54 Use Case Relationships and Functions......................................... 54 Use Case Characteristics.............................................................. 56 Payment Token Characteristics .................................................... 57 Issuance Flow ............................................................................... 57 Transaction Flow........................................................................... 58 Variations of User Experience....................................................... 59 8.5 Card-On-File E-Commerce ....................................................................... 59 8.5.1 8.5.2 8.5.3 8.5.4 8.5.5 8.5.6 8.5.7 Use Case Overview – Problems Addressed & User Experience ... 60 Use Case Relationships and Functions......................................... 60 Use Case Characteristics.............................................................. 63 Payment Token Characteristics .................................................... 64 Issuance Flow ............................................................................... 65 Transaction Flow........................................................................... 67 Variations of User Experience....................................................... 69 8.6 E-Commerce Guest Checkout .................................................................. 69 8.6.1 8.6.2 8.6.3 8.6.4 8.6.5 8.6.6 8.6.7 Use Case Overview – Problems Addressed & User Experience ... 69 Use Case Relationships and Functions......................................... 70 Use Case Characteristics.............................................................. 73 Payment Token Characteristics .................................................... 74 Issuance Flow ............................................................................... 74 Transaction Flow........................................................................... 76 Variations of User Experience....................................................... 78 8.7 Third Party Service Provider ..................................................................... 78 8.7.1 Use Case Overview – Problems Addressed & User Experience ... 78 8.7.2 Use Case Relationships and Functions......................................... 79 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page vi / xii 8.7.3 8.7.4 8.7.5 8.7.6 8.7.7 Use Case Characteristics.............................................................. 83 Payment Token Characteristics .................................................... 84 Issuance Flow ............................................................................... 84 Transaction Flow........................................................................... 87 Variations of User Experience....................................................... 89 8.8 Merchant-Initiated Transaction ................................................................. 89 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.8.6 8.8.7 Use Case Overview – Problems Addressed & User Experience ... 90 Use Case Relationships and Functions......................................... 90 Use Case Characteristics.............................................................. 91 Payment Token Characteristics .................................................... 92 Issuance Flow ............................................................................... 93 Transaction Flow........................................................................... 93 Variations of User Experience....................................................... 95 8.9 Merchant Token Issuance with a Wallet Token......................................... 95 8.9.1 8.9.2 8.9.3 8.9.4 8.9.5 8.9.6 8.9.7 Use Case Overview – Problems Addressed & User Experience ... 95 Use Case Relationships and Functions......................................... 96 Use Case Characteristics.............................................................. 99 Payment Token Characteristics .................................................... 99 Issuance Flow ............................................................................. 100 Transaction Flow......................................................................... 102 Variations of User Experience..................................................... 102 9 Use Case Variations...................................................................................... 103 9.1 Payment Tokenisation Aggregator.......................................................... 103 9.1.1 Token Requestor Aggregator ...................................................... 103 9.1.2 Card Issuer Aggregator............................................................... 105 9.2 Bulk Token Request ............................................................................... 107 9.2.1 9.2.2 9.2.3 9.2.4 9.2.5 9.2.6 9.2.7 Use Case Overview – Problems Addressed & User Experience . 108 Use Case Relationships and Functions....................................... 109 Use Case Characteristics............................................................ 109 Payment Token Characteristics .................................................. 109 Issuance Flow ............................................................................. 109 Transaction Flow......................................................................... 112 Variations of User Experience..................................................... 112 9.3 Token Reference IDs.............................................................................. 112 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 Use Case Overview – Problems Addressed & User Experience . 113 Use Case Relationships and Functions....................................... 114 Use Case Characteristics............................................................ 116 Payment Token Characteristics .................................................. 116 Issuance Flow ............................................................................. 117 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page vii / xii 9.3.6 Transaction Flow......................................................................... 118 9.3.7 Variations of User Experience..................................................... 121 9.4 Token Service Provider in the Issuer Domain ......................................... 121 9.4.1 9.4.2 9.4.3 9.4.4 9.4.5 9.4.6 9.4.7 Use Case Overview – Problems Addressed & User Experience . 122 Use Case Relationships and Functions....................................... 123 Use Case Characteristics............................................................ 123 Payment Token Characteristics .................................................. 123 Issuance Flow ............................................................................. 123 Transaction Flow......................................................................... 125 Variations of User Experience..................................................... 128 9.5 E-Commerce Transaction with a Token Cryptogram .............................. 128 9.5.1 9.5.2 9.5.3 9.5.4 9.5.5 9.5.6 9.5.7 Use Case Overview – Problems Addressed & User Experience . 128 Use Case Relationships and Functions....................................... 128 Use Case Characteristics............................................................ 129 Payment Token Characteristics .................................................. 129 Issuance Flow ............................................................................. 129 Transaction Flow......................................................................... 129 Variations of User Experience..................................................... 131 10 Payment Tokenisation Lifecycle Management............................................ 132 10.1 PAN Lifecycle Management Events........................................................ 132 10.2 Payment Token Lifecycle Management Events ...................................... 133 10.3 Lifecycle Management Relationships ..................................................... 133 10.3.1 Lifecycle Relationship Model Diagram ........................................ 133 10.3.2 PAN Lifecycle Relationships and Functions ................................ 135 10.3.3 Payment Token Lifecycle Relationships and Functions............... 135 10.4 Lifecycle Management Events ................................................................ 136 10.5 Merchant Deletion of Payment Credential .............................................. 138 10.5.1 Use Case Overview .................................................................... 138 10.5.2 Use Case Lifecycle Management Relationships and Functions .. 138 10.5.3 Lifecycle Management Flow........................................................ 140 10.6 Lost / Stolen Consumer Device .............................................................. 141 10.6.1 Use Case Overview .................................................................... 142 10.6.2 Use Case Lifecycle Management Relationships and Functions .. 142 10.6.3 Lifecycle Management Flow........................................................ 144 10.7 PAN Replacement .................................................................................. 147 10.7.1 Use Case Overview .................................................................... 147 10.7.2 Use Case Lifecycle Management Relationships and Functions .. 148 10.7.3 Lifecycle Management Flow........................................................ 149 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page viii / xii 11 Payment Tokenisation and Other EMV Technologies ................................ 152 11.1 Secure Remote Commerce .................................................................... 152 11.2 SRC E-Commerce Transaction .............................................................. 153 11.2.1 Use Case Overview – Problems Addressed & User Experience . 153 11.2.2 Use Case Relationships and Functions....................................... 153 11.2.3 Use Case Characteristics............................................................ 154 11.2.4 Payment Token Characteristics .................................................. 155 11.2.5 Issuance Flow ............................................................................. 156 11.2.6 Transaction Flow......................................................................... 158 11.2.7 Variations of User Experience..................................................... 160 11.3 SRC Guest Checkout ............................................................................. 160 11.3.1 Use Case Overview – Problems Addressed & User Experience . 161 11.3.2 Use Case Relationships and Functions....................................... 161 11.3.3 Use Case Characteristics............................................................ 161 11.3.4 Payment Token Characteristics .................................................. 162 11.3.5 Issuance Flow ............................................................................. 163 11.3.6 Transaction Flow......................................................................... 165 11.3.7 Variations of User Experience..................................................... 167 11.4 EMV® 3-D Secure .................................................................................. 167 11.5 Card-On-File E-Commerce with EMV 3DS Payment Authentication ....... 168 11.5.1 Use Case Overview – Problems Addressed & User Experience . 168 11.5.2 Use Case Relationships and Functions....................................... 169 11.5.3 Use Case Characteristics............................................................ 169 11.5.4 Payment Token Characteristics .................................................. 169 11.5.5 Issuance Flow ............................................................................. 170 11.5.6 Transaction Flow......................................................................... 170 11.5.7 Variations of User Experience..................................................... 174 12 Payment Account Reference ........................................................................ 175 12.1 Transit Open Loop Payments ................................................................. 175 12.1.1 Entry / Exit with PAN And Payment Token .................................. 176 12.1.2 Entry / Exit with Different Payment Tokens ................................. 179 12.2 Merchant Loyalty Schemes .................................................................... 182 12.2.1 In-Store Transactions Example ................................................... 182 12.2.2 E-Commerce Transactions Example........................................... 183 12.3 Co-badged Cards ................................................................................... 183 12.3.1 Example PAR Sharing ................................................................ 184 12.3.2 Example PAR Usage – SRC Card Selection............................... 184 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page ix / xii Figures Figure 2.1: Payment Tokenisation Ecosystem Overview ........................................... 7 Figure 2.2: Card Issuers............................................................................................ 8 Figure 2.3: Token Service Providers ......................................................................... 9 Figure 2.4: Token Requestors................................................................................. 10 Figure 2.5: Token Users.......................................................................................... 11 Figure 2.6: Token Request Aggregators.................................................................. 13 Figure 2.7: Card Issuer Aggregators ....................................................................... 14 Figure 3.1: Payment Token Ecosystem Relationship Model.................................... 16 Figure 3.2: Example Roles ...................................................................................... 17 Figure 3.3: Example Relationships.......................................................................... 17 Figure 3.4: Token User Example............................................................................. 18 Figure 4.1: Token Issuance (A) and Token Provisioning (B) Relationships ............. 19 Figure 5.1: Token Presentment Relationships......................................................... 24 Figure 6.1: Token Processing Relationships ........................................................... 27 Figure 8.1: Proximity at Point of Sale – Use Case Relationships............................. 36 Figure 8.2: Proximity at Point of Sale – Example Issuance Flow ............................. 41 Figure 8.3: Proximity at Point of Sale – Example Transaction Flow......................... 42 Figure 8.4: Online Wallet – Use Case Relationships ............................................... 45 Figure 8.5: Online Wallet – Example Issuance Flow ............................................... 50 Figure 8.6: Online Wallet – Example Transaction Flow ........................................... 52 Figure 8.7: In-Application using a Consumer Device – Use Case Relationships ..... 55 Figure 8.8: In-Application using a Consumer Device – Example Transaction Flow . 58 Figure 8.9: Card-On-File E-Commerce – Use Case Relationships .......................... 61 Figure 8.10: Card-On-File E-Commerce – Example Issuance Flow ........................ 66 Figure 8.11: Card-On-File E-Commerce – Example Transaction Flow .................... 68 Figure 8.12: E-Commerce Guest Checkout – Use Case Relationships ................... 71 Figure 8.13: E-Commerce Guest Checkout – Example Issuance Flow ................... 75 Figure 8.14: E-Commerce Guest Checkout – Example Transaction Flow ............... 77 Figure 8.15: Third Party Service Provider – Use Case Relationships ...................... 80 Figure 8.16: Third Party Service Provider – Example Issuance Flow ...................... 86 Figure 8.17: Third Party Service Provider – Example Transaction Flow .................. 88 Figure 8.18: Merchant-Initiated Transaction – Use Case Relationships .................. 91 Figure 8.19: Merchant-Initiated Transaction – Example Transaction Flow............... 94 Figure 8.20: Merchant Token Issuance with a Wallet Token – Use Case Relationships ........................................................................................ 97 Figure 8.21: Merchant Token Issuance with a Wallet Token – Example Issuance Flow ........................................................................................................... 101 Figure 9.1: Token Requestor Aggregator – Incremental Relationships.................. 104 Figure 9.2: Token Requestor Aggregator – Example Issuance Flow ..................... 105 Figure 9.3: Card Issuer Aggregator – Incremental Relationships .......................... 106 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page x / xii Figure 9.4: Card Issuer Aggregator – Example Issuance Flow.............................. 107 Figure 9.5: Bulk Token Request – Example Issuance Flow................................... 111 Figure 9.6: Token Reference IDs – Use Case Relationships................................. 115 Figure 9.7: Token Reference IDs – Example Issuance Flow ................................. 118 Figure 9.8: Token Reference IDs – Example Transaction Flow ............................. 120 Figure 9.9: Tokenisation Domains......................................................................... 122 Figure 9.10: Token Service Provider in the Issuer Domain – Example Issuance Flow ........................................................................................................... 124 Figure 9.11: Token Service Provider in the Issuer Domain – Example Transaction Flow.................................................................................................... 126 Figure 9.12: E-Commerce Transaction with a Token Cryptogram– Example Transaction Flow ................................................................................ 130 Figure 10.1: Lifecycle Management Relationship Models...................................... 134 Figure 10.2: Merchant Deletion of Payment Credential – Use Case Relationships 139 Figure 10.3: Merchant Deletion of Payment Credential – Example Lifecycle Management Flow .............................................................................. 141 Figure 10.4: Lost / Stolen Consumer Device – Use Case Relationships................ 143 Figure 10.5: Lost / Stolen Consumer Device – Example Lifecyle Management Flow ........................................................................................................... 145 Figure 10.6: Replacement PAN – Use Case Relationships ................................... 148 Figure 10.7: PAN Replacement – Example Lifecycle Management Flow .............. 150 Figure 11.1: SRC E-Commerce Transaction – Example Issuance Flow ................ 157 Figure 11.2: SRC E-Commerce Transaction – Example Transaction Flow............ 159 Figure 11.3: SRC Guest Checkout – Example Issuance Flow............................... 164 Figure 11.4: SRC Guest Checkout – Example Transaction Flow .......................... 166 Figure 11.5: Card-On-File E-Commerce with EMV 3DS Payment Authentication – Example Transaction Flow ................................................................. 171 Figure 11.6: Card-On-File E-Commerce with EMV 3DS Payment Authentication – Additional 3DS Steps.......................................................................... 173 Figure 12.1: Example Entry Flow with PAR Data Transfer .................................... 177 Figure 12.2: Example Exit Flow with PAR Data Transfer and Matching ................ 178 Figure 12.3: Example Entry Flow with PAR Data Retrieval ................................... 180 Figure 12.4: Example Exit Flow with PAR Data Retrieval and Matching................ 181 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page xi / xii Tables Table 1.1: EMVCo References.................................................................................. 4 Table 1.2: Abbreviations ........................................................................................... 5 Table 4.1: Token Issuance Characteristics.............................................................. 22 Table 4.2: Token Provisioning Characteristics......................................................... 23 Table 5.1: Token Presentment Characteristics........................................................ 26 Table 6.1: Token Processing Characteristics .......................................................... 28 Table 7.1: Payment Token Characteristics.............................................................. 30 Table 8.1: Proximity at Point of Sale – Token Issuance Characteristics .................. 38 Table 8.2: Proximity at Point of Sale – Token Provisioning Characteristics ............. 39 Table 8.3: Proximity at Point of Sale – Token Presentment Characteristics ............ 39 Table 8.4: Proximity at Point of Sale – Token Processing Characteristics ............... 39 Table 8.5: Proximity at Point of Sale – Payment Token Characteristics .................. 40 Table 8.6: Online Wallet – Token Issuance Characteristics..................................... 48 Table 8.7: Online Wallet – Token Provisioning Characteristics................................ 48 Table 8.8: Online Wallet – Token Presentment Characteristics ............................... 48 Table 8.9: Online Wallet – Token Processing Characteristics ................................. 48 Table 8.10: Online Wallet – Payment Token Characteristics ................................... 49 Table 8.11: In-Application using a Consumer Device – Token Presentment Characteristics...................................................................................... 56 Table 8.12: In-Application using a Consumer Device – Token Processing Characteristics...................................................................................... 57 Table 8.13: In-Application using a Consumer Device – Payment Token Characteristics...................................................................................... 57 Table 8.14: Card-On-File E-Commerce – Token Issuance Characteristics.............. 63 Table 8.15: Card-On-File E-Commerce – Token Provisioning Characteristics ........ 63 Table 8.16: Card-On-File E-Commerce – Token Presentment Characteristics........ 64 Table 8.17: Card-On-File E-Commerce – Token Processing Characteristics .......... 64 Table 8.18: Card-On-File E-Commerce – Payment Token Characteristics.............. 64 Table 8.19: E-Commerce Guest Checkout – Token Issuance Characteristics......... 73 Table 8.20: E-Commerce Guest Checkout – Token Provisioning Characteristics.... 73 Table 8.21: E-Commerce Guest Checkout – Token Presentment Characteristics... 73 Table 8.22: E-Commerce Guest Checkout – Token Processing Characteristics ..... 73 Table 8.23: E-Commerce Guest Checkout – Payment Token Characteristics ......... 74 Table 8.24: Third Party Service Provider – Token Issuance Characteristics............ 83 Table 8.25: Third Party Service Provider – Token Provisioning Characteristics....... 83 Table 8.26: Third Party Service Provider – Token Presentment Characteristics...... 83 Table 8.27: Third Party Service Provider – Token Processing Characteristics ........ 83 Table 8.28: Third Party Service Provider – Payment Token Characteristics ............ 84 Table 8.29: Merchant-Initiated Transaction – Token Processing Characteristics..... 92 Table 8.30: Merchant-Initiated Transaction – Payment Token Characteristics ........ 92 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page xii / xii Table 8.31: Merchant Token Issuance with a Wallet Token – Token Issuance Characteristics...................................................................................... 99 Table 8.32: Merchant Token Issuance with a Wallet Token – Token Provisioning Characteristics...................................................................................... 99 Table 8.33: Merchant Token Issuance with a Wallet Token – Payment Token Characteristics...................................................................................... 99 Table 9.1: Token Reference IDs – Token Presentment Characteristics ................ 116 Table 9.2: Token Reference IDs – Token Processing Characteristics ................... 116 Table 10.1: Lifecycle Management Components................................................... 136 Table 10.2: Lifecycle Management Events............................................................ 137 Table 10.3: Merchant Deletion of Payment Credential – Lifecycle Management Events ................................................................................................ 140 Table 10.4: Lost / Stolen Consumer Device – Lifecycle Management Events ....... 144 Table 10.5: PAN Replacement – Lifecycle Management Events ........................... 149 Table 11.1: SRC E-Commerce Transaction – Relationships ................................. 154 Table 11.2: SRC E-Commerce Transaction – Token Issuance Characteristics ..... 154 Table 11.3: SRC E-Commerce Transaction – Token Provisioning Characteristics 154 Table 11.4: SRC E-Commerce Transaction – Token Presentment Characteristics 155 Table 11.5: SRC E-Commerce Transaction – Token Processing Characteristics .. 155 Table 11.6: SRC E-Commerce Transaction – Payment Token Characteristics ..... 155 Table 11.7: SRC Guest Checkout – Relationships ................................................ 161 Table 11.8: SRC Guest Checkout – Token Issuance Characteristics .................... 162 Table 11.9: SRC Guest Checkout – Token Provisioning Characteristics ............... 162 Table 11.10: SRC Guest Checkout – Token Presentment Characteristics ............ 162 Table 11.11: SRC Guest Checkout – Token Processing Characteristics............... 162 Table 11.12: SRC Guest Checkout – Payment Token Characteristics .................. 163 Table 11.13: Card-On-File E-Commerce with EMV 3DS Payment Authentication – Relationships ...................................................................................... 169 © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 1 / 185 1 Introduction This document, EMV® Payment Tokenisation – A Guide to Use Cases (referred to as “A Guide to Use Cases”), is an informational supplement to the EMV® Payment Tokenisation Specification – Technical Framework, (referred to as the “Technical Framework”). It describes relationship models and use case examples common to the Technical Framework and is intended to be read in conjunction with the Technical Framework. The Technical Framework describes a common baseline set of roles and associated functions for Payment Tokenisation that can be adopted to meet the unique payment ecosystem requirements of international, regional, national or local implementations. 1.1 Scope A Guide to Use Cases describes a limited number of use case examples, some of which are based on established EMV-defined technology: • Proximity at Point of Sale (Section 8.2) • Online Wallet (Section 8.3) • In-Application using a Consumer Device (Section 8.4) • Card-On-File E-Commerce (Section 8.5) • E-Commerce Guest Checkout (Section 8.6) • Third Party Service Provider (Section 8.7) • Merchant-Initiated Transaction (Section 8.8) • Merchant Token Issuance with a Wallet Token (Section 8.9) Section 9 Use Case Variations provides some potential differences and variations to these initial use cases: • Payment Tokenisation Aggregator (Section 9.1) • Bulk Token Request (Section 9.2) • Token Reference IDs (Section 9.3) • Token Service Provider in the Issuer Domain (Section 9.4) • E-Commerce Transaction with a Token Cryptogram (Section 9.5) Section 10 Payment Tokenisation Lifecycle Management describes Payment Token lifecycle management events and provides a limited number of lifecycle management use case examples: • Merchant Deletion of Payment Credential (Section 10.5) © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 2 / 185 • Lost / Stolen Consumer Device (Section 10.6) • PAN Replacement (Section 10.7) Section 11 Payment Tokenisation and Other EMV Technologies provides use case examples involving Payment Tokenisation and other EMV Technologies: • SRC E-Commerce Transaction (Section 11.2) • SRC Guest Checkout (Section 11.3) • Card-On-File E-Commerce with EMV 3DS Payment Authentication (Section 11.5) Section 12 Payment Account Reference describes how Payment Account Reference (PAR) can link transactions made using both Payment Tokens and Primary Account Number (PAN) and provides a limited number of use case examples: • Transit Open Loop Payments (Section 12.1) • Merchant Loyalty Schemes (Section 12.2) • Co-badged Cards (Section 12.3) 1.2 Overview A Guide to Use Cases introduces relationship models which describe potential relationships between the Payment Tokenisation roles. Various common use case examples are given, which include unique relationship models for each use case and example flows for the Issuance of a Payment Token and for transactions. The relationship models and use case examples presented are intended to provide guidance for Payment Tokenisation within existing payment ecosystems and the considerations associated with various usage scenarios. The relationship models and use case examples are neither definitive nor exhaustive since the associated usage scenarios may require additional considerations not provided here. The guidance provided in A Guide to Use Cases does not supersede the Technical Framework or policies and processes defined by a Token Programme. The relationship models are introduced in the following sections: • Section 2 Token Programme Participants introduces the Token Programme Participants which feature in the relationship models • Section 3 Relationship Model Descriptions introduces the basic relationship model, including how the Token Programme Participants fit into the models along with existing payment ecosystem participants such as Merchants • The basic relationship model is described in more detail in the following sections. Each provides a detailed look at how the relationship model applies to specific common functions. Each model describes the specific relationships between the potential Token Programme Participants, describing the relationship itself and its function © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 3 / 185 o Section 4 Token Issuance and Token Provisioning o Section 5 Token Presentment o Section 6 Token Processing • Section 7 Payment Token Characteristics describes the characteristics of a Payment Token and how they might be determined for a specific use case The remainder of A Guide to Use Cases describes specific use case examples as follows: • Section 8 Use Case Examples takes the detailed relationship models from Sections 4, 5 and 6 and applies them to specific use cases. Each use case example has a specific example of a Token Issuance / Token Provisioning flow (issuance flow) and a Token Presentment / Token Processing flow (transaction flow). These flows are based on defined preconditions, setup activities and other flow assumptions • Section 9 Use Case Variations takes the detailed relationship models from Sections 4, 5 and 6 and shows how they may vary depending on the particular use case variation • Section 10 Payment Tokenisation Lifecycle Management shows how the relationship model applies to lifecycle management. It describes how existing relationships between the potential Token Programme Participants are used for lifecycle management and the function(s) of those relationships • Section 11 Payment Tokenisation and Other EMV Technologies shows how Payment Tokenisation can be used with other EMV Technologies, such as Secure Remote Commerce (SRC) and EMV® 3-D Secure (EMV 3DS). It describes how Payment Tokenisation roles map to entities / functions in the other EMV Technology • Section 12 Payment Account Reference provides examples of how Payment Account Reference (PAR) can link transactions made using both Payment Tokens and PAN 1.3 Audience A Guide to Use Cases is intended for use by all participants in the payment ecosystem, such as Card Issuers, Merchants, Acquirers, Payment Systems, Payment Networks, Payment Processors, and third-party service providers. 1.4 References The latest version of any reference, including all published amendments, applies unless a publication date is explicitly stated. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 4 / 185 1.4.1 Published EMVCo Documents The documents in Table 1.1 contain provisions that are referenced in this guide and are available from www.emvco.com. Reference Table 1.1: EMVCo References Publication Name EMV 3DS EMV® 3-D Secure – Protocol and Core Functions Specification EMV Contactless EMV® Contactless Specifications for Payment Systems PAR White Paper EMV® White Paper on Payment Account Reference QR Code EMV® QR Code Specification for Payment Systems (EMV QRCPS) – Merchant-Presented Mode SRC EMV® Secure Remote Commerce Specification SRC CX Guidelines EMV® Secure Remote Commerce – Click to Pay Customer Experience (CX) Guidelines Technical Framework EMV® Payment Tokenisation Specification – Technical Framework Transaction Types EMV® Best Practices Document – Recommendations for EMV Processing for Industry-Specific Transaction Types 1.5 Definitions For a list of defined terms used in A Guide to Use Cases, please refer to Table 1.3 in Section 1.5 of the Technical Framework. 1.6 Notational Conventions 1.6.1 Abbreviations The abbreviations listed in Table 1.2 are used in A Guide to Use Cases. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 5 / 185 Abbreviation ACS API AReq ARes CDE DS ICC ID&V MST NFC PAN PAR PCI PCI DDS POS QR SDK Table 1.2: Abbreviations Description Access Control Server Application Programming Interface Authentication Request Authentication Response Cardholder Data Environment Directory Server Integrated Circuit Card Identification and Verification Magnetic Secure Transmission Near Field Communication Primary Account Number Payment Account Reference Payment Card Industry Payment Card Industry Data Security Standard Point Of Sale Quick Response Software Development Kit 1.6.2 Terminology and Conventions A Guide to Use Cases uses the following words which have a specific meaning: Assumptions Assumptions for a given example flow are specific to that example flow, but not the wider use case. Different assumptions are part of the same use case but would refer to a different example flow. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 6 / 185 Consumer / Cardholder The terms Consumer and Cardholder are defined terms, as defined in the Technical Framework. They are used here in the following way. A Consumer may have access to multiple payment credentials (representing underlying Payment Accounts). Each use case flow begins with an interaction involving a Consumer. Whenever a Consumer selects a specific payment credential (represented by a PAN), the Consumer then assumes the role of the Cardholder for the remainder of that use case. Entity (Role) When an entity is performing a specific Payment Tokenisation role, this is denoted by writing the role in parenthesis after the entity. For example, when a mobile payment application is performing the role of a Token Requestor, it is written as mobile payment application (Token Requestor). Preconditions Preconditions for a given example flow are those which must occur in order for the use case to exist. Usage Scenario A specific instance of Technical Framework usage that has common, distinct characteristics such as technologies used, Token Presentment Mode utilised, etc. This is usually representing the presentment, acceptance and intended payment offering to Consumers/Cardholders in the ecosystem. Relationship Model A construct that describes relationships between each specific Payment Tokenisation role and describes the common set of functions. Use Case A specific example of utilisation of the Technical Framework within a usage scenario, showing specifics of relationships and interactions between Payment Tokenisation roles. It includes an example issuance flow showing Token Issuance / Token Provisioning and an example transaction flow showing Token Presentment / Token Processing. 1.7 Further Information Additional Payment Token information can be found at www.emvco.com. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 7 / 185 2 Token Programme Participants The Token Programme has an overarching responsibility, defining the processes, policies and registration programmes for the establishment and operation of a Payment Tokenisation ecosystem. Token Programme support of a usage scenario will include policies and processes to support the specifics of each use case. Each Token Programme may support some or all of the use cases contained within A Guide to Use Cases, as well as support use cases not described here. Figure 2.1 provides an overview of the Payment Tokenisation ecosystem. Figure 2.1: Payment Tokenisation Ecosystem Overview 2.1 Card Issuers A Token Programme includes participation of one or more Card Issuers. A Card Issuer that supports multiple Payment Systems may participate in multiple Token Programmes. This is illustrated in Figure 2.2, which shows an example of Card Issuers participating in one or more Token Programmes and interacting with one or more Token Service Providers. Card Issuer 2, which is shown in green, participates in both Token Programme A and Token Programme B, whereas Card Issuer 1 only participates in Token Programme A. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 8 / 185 Card Issuers that participate in multiple Token Programmes for a given use case will support the policies, processes and registration programmes of each Token Programme for that use case. Figure 2.2: Card Issuers 2.2 Token Service Providers The Technical Framework supports a variety of ways for Token Service Providers to participate in a Token Programme. The participation of a Token Service Provider or multiple Token Service Providers is subject to the policies of the Token Programme. Token Service Providers may provide support to a single or multiple Card Issuer(s) and participate in one or more Token Programmes. This is illustrated in Figure 2.3, where Token Service Provider 1, which is shown in green, participates in both Token Programme A and Token Programme B, whereas Token Service Provider 2 only participates in Token Programme B. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Figure 2.3: Token Service Providers Page 9 / 185 2.3 Token Requestors Token Requestors may support a wide variety of use cases and may have a variety of relationships with Token Service Providers. Each Token Service Provider registers Token Requestors in accordance to the established processes of each Token Programme. Token Requestors may participate in one or more Token Programmes. This is illustrated by Token Requestor 2 (shown in green in Figure 2.4), which particpates in both Token Programme A and B whereas Token Requestor 1 and 3 only particpate in a single Token Programme (A and B respectively). This provides one example of the possible relationships between Token Service Providers and Token Requestors. For purposes of simplicity, the Card Issuers shown in Figure 2.3 have not been included in Figure 2.4. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Figure 2.4: Token Requestors Page 10 / 185 2.4 Token Users The Token User is a Payment Tokenisation specific role. Token Users initiate Token Payment Requests with Payment Tokens which have been received from Token Requestors. The Token User will have a relationship with one or more Token Requestors. Token Requestors may define requirements for the use of Payment Tokens which they provide to Token Users. An example of the possible relationships between Token Users and Token Requestors is shown in Figure 2.5. In this figure, Merchant A is shown in green and participates in two distinct Token Programmes. When participating in Token Programme A, Merchant A interacts with Token Requestor 1 as Token User 1, while the same Merchant A interacts with Token Requestor 3 as Token User 6 when participating in Token Programme B. A second relationship example is illustrated by Merchant C, which is shown in grey. Merchant C only participates in Token Programme A, but interacts with two Token Requestors. It © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 11 / 185 interacts with Token Requestor 1 as Token User 3 and with Token Requestor 2 as Token User 4. Figure 2.5: Token Users © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 12 / 185 2.5 Payment Tokenisation Aggregators The Payment Tokenisation Aggregator is a Payment Tokenisation specific role. Payment Tokenisation Aggregators interact with one or more Token Service Providers in order to facilitate some or all Payment Token related activities by acting as a service provider on behalf of one or more Payment Tokenisation roles or existing ecosystem entities. The Technical Framework identifies the following specific types of Payment Tokenisation Aggregator. These are: • Token Requestor Aggregator • Card Issuer Aggregator 2.5.1 Token Requestor Aggregators Figure 2.6 shows several possible relationships. Token Requestor Aggregator 1 is shown in blue and only participates in Token Programme A, interacting with Token Requestors and Token Service Providers that are only participating in Token Programme A. Similarly, Token Requestor Aggregator 3 is shown in grey and only participates in Token Programme B, interacting with Token Requestors and Token Service Providers that are only participating in Token Programme B. In contrast, Token Requestor Aggregator 2 is shown in green and participates in both Token Programme A and B. When Token Requestor Aggregator 2 is interacting with Token Service Provider 1, it is participating in Token Programme A, while when interacting with Token Service Provider 2, it is participating in Token Programme B. In this example, Token Requestor Aggregator 2 is interacting with Token Requestor 3 in both these cases, with Token Requestor 3 participating in both Token Programme A and B. In addition, Figure 2.6 shows Token Service Provider 1 interacting directly with Token Requestor 1, while it interacts with Token Requestor 2 through Token Requestor Aggregator 1 (blue) and with Token Requestor 3 through Token Requestor Aggregator 2 (green). In contrast, Token Service Provider 2 only interacts with Token Requestors through Token Requestor Aggregators. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 13 / 185 Figure 2.6: Token Request Aggregators 2.5.2 Card Issuer Aggregators Figure 2.7 shows several possible relationships. Card Issuer Aggregator 1 is shown in blue and participates in Token Programme A, only interacting with Card Issuers and Token Service Providers that are participating in Token Programme A. Similarly, Card Issuer Aggregator 3 is shown in grey and participates in Token Programme B, only interacting with Card Issuers and Token Service Providers that are participating in Token Programme B. In contrast, Card Issuer Aggregator 2 is shown in green and participates in both Token Programme A and B. When Card Issuer Aggregator 2 is interacting with Token Service © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 14 / 185 Provider 1, it is participating in Token Programme A, while when interacting with Token Service Provider 2, it is participating in Token Programme B. In this example, Card Issuer Aggregator 2 is interacting with Card Issuer 3 in both these cases, with Card Issuer 3 participating in both Token Programme A and B. In addition, Figure 2.7 shows Token Service Provider 1 interacting directly with Card Issuer 1, while it interacts with Card Issuer 2 through Card Issuer Aggregator 1 (blue) and with Card Issuer 3 through Card Issuer Aggregator 2 (green). In contrast, Token Service Provider 2 only interacts with Card Issuers through Card Issuer Aggregators. Figure 2.7: Card Issuer Aggregators © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 15 / 185 3 Relationship Model Descriptions The introduction of Payment Tokenisation into an existing payment ecosystem requires consideration of usage scenarios. Within each Token Programme, many functions may be common across usage scenarios. These common functions are associated with processes that are grouped as follows: • Token Issuance and Token Provisioning • Token Presentment • Token Processing Each process is comprised of functions performed in usage scenarios that may be applied as guidelines for use case examples (for a definition of usage scenarios and use cases, see Section 1.6.2 Terminology and Conventions). Not all processes may be present in any given usage scenario or use case example. The Technical Framework identifies a number of roles within the Payment Tokenisation ecosystem that carry out these functions and processes. Some are existing roles within the traditional payment ecosystem, and others are Payment Tokenisation specific roles defined by the Technical Framework. A Guide to Use Cases introduces a number of examples showing models demonstrating relationships between roles associated with Payment Tokenisation that represent the potential processes and functions performed. Some existing relationships are utilised by Payment Tokenisation, while others are specific to Payment Tokenisation. Each relationship is managed in accordance with the policies, processes and registration programmes of a specific Token Programme. Each example relationship model has a number of characteristics which have typical outcomes associated with specific use cases. 3.1 Relationship Model Diagram Figure 3.1 displays all relationship models in a single diagram (for a definition of relationship model, see Section 1.6.2 Terminology and Conventions). These represent the various processes, showing the potential placement of the various Payment Tokenisation roles within the Payment Tokenisation ecosystem. This diagram represents a common configuration for Payment Tokenisation roles and their relationships by identifying the roles as boxes and relationships as lines. Note that not all roles and relationships may be present in any given usage scenario. © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 16 / 185 Figure 3.1: Payment Token Ecosystem Relationship Model Token Programme Consumer C Card Issuer Cardholder A A B CA A Merchant Token User Authorised Entity A Token A C Requestor B Token Service Provider D Existing Payment D Ecosystem Entities (Authorisation) A Token Issuance B Token Provisioning C Token Presentment D Token Processing This diagram establishes a baseline representation which is the basis for the more detailed relationship model diagrams introduced in the following sections: • Section 4 Token Issuance and Token Provisioning • Section 5 Token Presentment • Section 6 Token Processing © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 17 / 185 3.2 Understanding the Relationship Model Diagram In Section 3.1 Relationship Model Diagram, the single diagram in Figure 3.1 gives all potential relationships between the various Payment Tokenisation roles within the Payment Tokenisation ecosystem. Where applicable, known entities that commonly perform the Payment Tokenisation role are included. Sometimes an additional, inner box is present within a larger, outer box. This occurs when an entity performs a specific role at some point during the process. For example, Figure 3.2 shows the Merchant / Token User. This is an example of a Merchant (shown by the outer box) performing the Payment Tokenisation role of Token User (shown by the inner box). When this is described in any text accompanying the figure, it is written as Merchant (Token User). Figure 3.2: Example Roles Merchant Token User The lines in Figure 3.1 represent relationships between entities/roles and not flows. Relationships can exist between entities, between roles and between entities and roles. These are denoted by the lines in the relationship diagrams, which may join the outer boxes or the inner boxes, depending on the precise relationship being described. For example, Figure 3.3 shows the relationship between the Cardholder (not the Consumer) and the Card Issuer. Figure 3.3: Example Relationships Consumer Card Issuer Cardholder A In certain relationship model diagrams, both a Token Requestor and a Token User are shown surrounded by a dashed line. This indicates that in certain use case examples, both roles can be present, while in other use cases, only the Token Requestor role is present. An example is given in Figure 3.4, where both the Token User and the Token Requestor are shown, with a Merchant performing the role of Token User and an Authorised Entity performing © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 18 / 185 the role of Token Requestor. The relationship shown between the Token User and Token Requestor will not be present in use case examples which do not have a Token User. Figure 3.4: Token User Example Merchant Token User Authorised Entity A Token Requestor © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 19 / 185 4 Token Issuance and Token Provisioning Token Issuance and Token Provisioning occurs after Token Generation in response to a Token Request from a registered Token Requestor with a valid Token Requestor ID. Considerations for the issuance of Payment Tokens include policies and processes for Token Assurance, Token Generation, Token Issuance, and Token Provisioning. This includes any implications of specific technologies and processes. 4.1 Token Issuance and Token Provisioning Relationships and Functions The possible relationships for Token Issuance and Token Provisioning are shown in Figure 4.1 and are dependent on the specific usage scenario. Not all relationships may be present in any given usage scenario. Note that the relationships in the figure do not imply flows between the entities shown and the numbers do not represent any specific order. Each relationship and how it may be utilised within Payment Tokenisation is described in the text following the figure, along with its function. Figure 4.1: Token Issuance (A) and Token Provisioning (B) Relationships A Token Issuance B Token Provisioning Consumer Card Issuer Cardholder A6 A2 Merchant Token User B2 A1 Authorised Entity Token B1 A3 Requestor A4 B3 A5 Token Service Provider © 2019-26 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Payment Tokenisation A Guide to Use Cases v2.3 DRAFT Page 20 / 185 Note that certain relationships only apply to a limited number of use cases, while other relationships do not vary by use case (although they are not necessarily present in all use cases). These instances are noted in the individual relationship descriptions. 4.1.1 A1. Cardholder – Authorised Entity (Token Requestor) Relationship: The Cardholder may have an existing relationship with the authorised entity (Token Requestor) which can be utilised for Payment Tokenisation. Function: The Cardholder provides a PAN or Payment Token and related data to the authorised entity (Token Requestor) which triggers the Token Issuance Process. How the PAN or Payment Token and related data are provided depends on the Use Case. The authorised entity (Token Requestor) may involve the active participation of the Cardholder in Token Assurance as described in the Technical Framework, Section 6 Token Assurance Method. There are many Token Assurance Method variations possib