Connect with us

Hi, what are you looking for?



New American Express Services Combat Fraud Through Tokenization

American Express has launched a new services designed to protect online and mobile payments by replacing sensitive card information with tokens.

American Express has launched a new services designed to protect online and mobile payments by replacing sensitive card information with tokens.

The American Express Token Service solutions can be used by card issuers, payment processors, acquirers and merchants to replace payment card account numbers with unique tokens. The tokens can be used to make payments online, in mobile apps, and in stores via mobile devices that support near-field communications (NFC).

Businesses that use the Token Service will no longer have to worry about storing sensitive financial information on their systems, the company said. The solution offers additional fraud protection because the tokens can be assigned for use with a specific payment device, transaction type or merchant.

The American Express Token Service provides the ability to issue tokens; lifecycle management services for creating, suspending, resuming and deleting tokens; and a vault where tokens are stored and mapped to account numbers. Card issuers will also benefit from payment data validation capabilities and other fraud and risk management services.

All these features are based on the EMV Payment Tokenization Specification technical framework released by EMVCo in March 2014. 

“We believe our payments network is a tremendous asset to American Express – one that will allow us to offer our customers new features and technologies to meet their evolving spending needs,” commented Paul Fabara, president of Global Banking and Global Network Business at American Express. “As we move ahead, we are excited to bring these new capabilities to our customers and look forward to continuing to serve them.”

For the time being, American Express Token Service is available only in the United States, but the company expects it to launch internationally in 2015.

Advertisement. Scroll to continue reading.

American Express has also developed network specifications for cloud-based Host Card Emulation (HCE). The specifications provide card issuers with additional security options and solutions for payments via NFC-enabled mobile devices running Android KitKat. Card issuers using HCE store their customers’ information on a secure cloud server, from where it is transmitted to mobile phones and then to PoS terminals quickly and securely. The HCE specifications are available globally, American Express said.

Payment card fraud is highly problematic these days and many organizations have started taking steps to put an end to the phenomenon. However, cybercriminals are not giving up.

Last month, researchers revealed the existence of Voxis, a new automated tool that can be used by cybercriminals to send batches of fraudulent payment card charges to multiple gateway processors. Voxis increases the chances of avoiding fraud detection systems and having fraudulent charges authorized because it emulates human behavior and buying patterns.

Fraudsters could also target payment cards directly. Researchers at the Newcastle University have shown that the contactless cards released by Visa in the U.K. are vulnerable to fraudulent foreign currency transactions, in theory allowing the theft of up to 999,999.99 in any foreign currency.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...