eBooks, Guides, & Reports • 18 MIN READ

Are you ready for Apple Pay & Tokenized Payments?

IR Media

Written by IR Media


Tokenized payment acceptance is taking off and more deployments are happening every day. Companies like Apple, Samsung, Google and others are offering the latest advancements in payments and financial technology.

The principles we cover also apply to any new technology such as immediate payments, NPP and bitcoin.

Many banks will offer all forms of tokenized payments from these three companies, so it’s important that you have a repeatable and reusable deployment model.

At IR we have been testing and improving these concepts over the last 10 years with EMV and faster payment deployments in Europe, and now tokenized payments.

We have helped customers like you de-risk deployments of new technology and help them realize the benefits from their investment sooner.

Apple Pay Oct 20, 2014

  • 12 million users
  • US - 1 million activations in first 3 days – Apple
  • China – 3 million registered users in first 2 days – China Merchants Bank

Samsung Pay Aug 20, 2015

  • 5 million registered users in US and Korea within 6 months
  • Android has 60% of the Australian phone market, Apple 35%

Android Pay Sept 11, 2015

  • 5 million users
  • Android Pay now supports a total of 102 banks and credit unions

Key criteria for Technology Rollout

These criteria were initially used for EMV deployments in Australia and Europe, but are also applicable to other technology deployments such as tokenized payments.

  1. Certifications and approvals

    Getting signed up with the required regulatory body or payment networks.

    For tokenized payments this means reaching agreement with Apple/Samsung/Google to participate in the payment scheme. Negotiation of fees can be part of the challenge.

  2. Select technology vendors

    For EMV, this step often includes choosing and rolling out compliant terminals.

    For tokenized payments, if you’re a merchant acquirer, this might still include rolling out new NFC capable terminals if it wasn’t already done as part of an EMV roll out.

    The big consideration for tokenised payments is the choice of the token provider or providers.

    Companies often look to the card schemes first. The transactions might already be routed via them, depending on how the domestic routing works.

    Other key criteria for choosing a provider may include coverage of card types, reliability and uptime, response times, and ease of integration. 

  3. Ongoing technology management

    Plan for ongoing management activities for the new technology. This can include software upgrades, scheduled outages, problem investigation and resolution procedures.

    It can also include starting to plan for visibility, and implementing reporting.
  4. Integration with existing systems

    Understand how the new payments flows fit into your system, and what changes are required to handle and instrument the new steps, activation, transaction and token lifecycle management.

    You may want to consider the interfaces (or hand-offs) and how you might identify the new transactions in your legacy systems.

    ANZ BANK 1st to launch tokenized payments in Australia

    24 banks in Asia now support tokenized payments.

  5. Testing and Test Tools

    Decide how the individual components will be tested as well as the end-to-end solution.

    This usually includes load and stress testing and functionality. Often full end-to-end testing will need to be scheduled a long way in advance to get a time that suits all parties. 
  6. Customer on-boarding

    How do new customers get signed up ?

    Increasingly banks are pushing for this to be entirely self-service so it can be as smooth as possible.

    There was a lot of press early on in the US about fraud at the onboarding stage of Apple Pay, where others card details were loaded onto fraudsters' phones.

    These concerns were around social engineering manual steps in the process. Ensuring a self-service interface, with one time password or security code authentication is common.

    Instrumenting this process to ensure visibility into any issues, and tracking of the take up can be invaluable.

  7. Post-deployment monitoring

    Once you’re live, you want to ensure that the system is working as intended. Over the first few days, you’ll want to detect any exceptions in the on-boarding process or in the transactions before they cause an impact.

    You may also want to track the take up of this new technology to ensure that you’re getting return on your investment.

    After the first few days, you may still want to monitor for exceptions and to ensure agreed service levels are being met, and may evolve to looking at longer term trends in the take up and ongoing use of the technology.

    This can include software upgrades, scheduled outages, problem investigation and resolution procedures. 

Provisioning & Lifecycle

  1. The lifecycle of tokenization begins when the customer attempts to load a card onto their device.

    This may be via a vendor app provided on the device, or an app provided by the bank.

  2. The verification process – which may be via the token provider as shown in the diagram or often it goes direct to the issuer.
  3. Generation of the token and activation of the card for tokenized payments – the final activation step is often used as the metric to track for take up.


Step 1 The Token Request sends a cardholder PAN to the token vault. (i.e. a request)
Step 2 The issuer performs identification and verification (ID&V) and passes those results to the vault. This is known as "binding." This completes the payment token registration. ID&V ensures that the payment token is replacing a PAN that was legitimately being used by the token requestor. ID&V is performed each time a payment token is requested.
Step 3 As part of the Payment Token Evaluation Request Process, the token vault alerts the issue that D&V is needed.
Step 4 The token vault passes the registered payment token to the token requestor, completing the payment process token request.
Source: TSYS Tokenization FAW & General Information

A similar process is used when updating or deactivating cards. Instrumenting the various steps of this process to provide a single view can be a challenge at this stage.

The requests tend to go to different systems within the bank, and can be difficult to correlate. Companies that address this challenge have a better chance of a successful deployment.


In the authorization or transaction process, the challenge is to integrate smoothly into the existing payment flow.

Now, when the device is used at a terminal, only a token is delivered to the acquirer, not the actual card number.

The transaction needs to be switched via the acquirer to the token provider where the card number will be retrieved and forwarded to the issuer.

At this stage, depending on the token provider, other information may be appended to the transaction to give more visibility into other key metrics like the wallet type (Apple, Android, Samsung).

The transaction flows back via the same path.

Some companies are both acquirer and issuer, and want to track the whole flow of the transaction.

This includes the first step when the token is delivered to the acquirer, through to the issuer, with the results of the transaction.


Step 1 The cardholder initiates with a payment token, which then passes through the merchant acquires as if it were  PAN.
Step 2 The payment token is de-tokenized into a PAN by the Token Service Proverder (TSP).
Step 3 The PAN and token are sent to the issuer, which makes an authorisation decision.
Step 4 The issuer sends that PAN and authorisation response back to the TSP.
Step 5 The TSP pre-tokenized the PAN.
Step 6 The TSP sends the PAN and authorisation response through the acquirer to the important merchant.
Source: TSYS Tokenization FAW & General Information

Leveraging the additional data delivered by the token provider to provide a greater level of visibility into the new transactions has been a key success factor for customers.

It can take a little more work to expose, but this is typically repaid with greater dashboard and reporting capabilities going forward.

Will you be ready?

There's a number of challenges to overcome when deploying this technology including:

  • Are terminals ready for tokenized transactions?
  • Is the process of on-boarding customers efficient and secure?
  • Do stakeholders have insight into payments?
  • Are there connectivity issues between acquirer, host and token service?

Get this right to avoid:

Frustrated customer venting on social media

Three months after the China launch, users on online forums complained that using Apple Pay, even at popular fast-food outlets, was not as seamless as local services such as WeChat, Tencent’s messaging and mobile commerce phenomenon.
– AAP June 7, 2016

Bad press

“Bendigo Bank is experiencing some unforeseen technical issues in accepting Apple Pay payments at selected merchant terminals” a spokeswoman for the bank told Reuters, adding that a lack of wider industry engagement in launching the service limited the lead time in testing the new technology.
– AAP June 7, 2016

Frustrated customer venting on social media

Weakness in the issuer verification process allows fraudsters to use stolen card data over mobile devices, as happened to Apple Pay, which compromises the integrity of the service. This risk is not specific to, and is outside the scope of, issuer tokenization but needs to be addressed.
– Gartner, Innovation Insight: Issuer Tokenization Secures and Enhances Future Payment Services

Your development right

  • A good deployment is the first step towards great cooperation between technology and banking.
  • Banks can engage with younger, tech-savvy customers with financial clout.
  • Overcoming disintermediation can allow banks to re-engage with their customers.
  • A great opportunity to target customers with the most wealth who are open to new ideas about their finances.


  • Frustrated customers who are unlikely continue to use your service
  • Bad press
  • Lack of ROI - the service that you have invested heavily in and hope to realize the benefits of will not occur
  • Frustrated customers are likely to vent on social media as they have done in China
  • A poor deployment and poorly implemented processes with insufficient monitoring will open the door to fraudsters
  • A poor deployment will cost you money and quite possibly customers.

If you get it right there is significant upside

  • Banks can re-engage and increase business with their existing customers.
  • Creates a great story of cooperation between technology and banking.
  • Banks can secure younger, tech-savvy customers with financial clout. Targeting people between 30 and 45 with the most wealth and who are open to new ideas when it comes to their finances presents a great opportunity.
  • It's the first important step to offering great services in the future.


JP Morgan Chase reported 1 million wallets provisioned on Apple Pay – Feb 24, 2015

  • 69% credit, 31% debit
  • Average age of Apple Pay users 9 years younger than regular active customers
  • Average income of Apple Pay customers 21% higher than regular active customers

Source: appleinsider.com/articles/15/02/24/chase-announces-over-1m-walletsprovisioned-on-apple-pay

Measures for Success

Start benchmarking during testing, certification and QA

  • Performance of the application enhancements

  • Performance of system and network

  • Response and processing times per device i.e. iPhone, iWatch, iPad

  • Response times and performance of internal, external and host connections

  • Support for various merchant devices

  • Transaction throughput

  • Speed and performance impact of on-boarding process

  • Response times for Tokenization service

  • Capture of standard errors and message

Implement real-time service monitoring

  • Monitor by service ie Apple Pay, Samsung Pay, Android Pay etc

  • Holistic end to end monitoring of subcomponents

  • Performance of system and network

  • Response times and availability of internal, external and host connections

  • Transaction volume and throughput

  • Speed and performance impact of on boarding process

  • Response times for tokenization service

  • Capture of standard errors and messages

Compare new tokenised transactions performance to existing transaction performance

  • Response times of new transactions

  • Decline and approval rates

  • Number of tokenized transactions versus activation transactions

  • Transaction hot spots and purchasing patterns

  • Impact of activations against switch performance

  • Mapping of activations to purchase transaction to lifecycle transactions

  • Comparing wallet types

      • Apple Pay
      • Samsung Pay
      • Android Pay

Speed troubleshooting and service recovery

  • Merchant terminal, location

  • BIN

  • Token service

  • Wallet type

  • Activation problems

  • Correlate to infrastructure problems

  • Historical analysis and retrospective trending

Deploy service reporting

  • Wallet transaction by credit and debit cards

  • Wallet spend by credit and debit

  • Average transaction size

  • In app versus POS versus peer to peer

  • Number of provision cards

  • Usage report - active versus provisioned

  • Active users and transaction performed

  • Merchant reports

  • Transaction failure report

  • Comparison against non wallet transactions


Companies like Apple, Samsung, Google and others are offering the latest advancements in payments and financial technology. Banks and financial institutions will need to ensure successful deployments of new technology in order to stay relevant to their customers.

A good deployment of new technology enables banks to engage with younger, tech-savvy customers with financial clout.

It's a great opportunity to target customers with the most wealth who are open to new ideas about their finances.

The criteria for a successful technology deployment, such as tokenized payments, includes;

  1. Certifications and approvals
  2. Select technology vendors
  3. Ongoing technology management
  4. Integration with existing systems

Investment in new technology isn’t cheap and it’s important for banks to ensure ongoing customer adoption and return on investment through;

Benchmarking during testing, certification and QA

  • Implementation of real-time services monitoring
  • Comparing new tokenized transactions performance to existing transaction performance
  • Speedy troubleshooting and service recovery
  • Deployment of service reporting

You may download this checklist by clicking the button below

Download Checklist

Topics: Payments High availability Payment processing Real-time monitoring

Subscribe to our blog

Stay up to date with the latest
Communications, Payments and HP Nonstop
industry news and expert insights from IR.

We're committed to your privacy. IR uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our privacy policy.