Mastercard Incorporated
DIGITIZATION OF NON-PERSONAL ACCOUNT INFORMATION FOR SECURITY OF FINANCIAL IDENTITY DATA IN THIRD-PARTY PAYMENT PROCESSING SYSTEMS

Abstract:

Techniques for digitization of non-personal account information for security of financial identity data in third-party payment processing systems are described. A bank system can send a non-personal account reference number, in place of a personal account number, to serve as an identifying characteristic for a user. Unlike the personal account number, the account reference number is not personal account information, thus reducing security requirements, including PCI DSS, and overall exposure risk for financial identity data. During the described digitization, the third-party system can receive a communication comprising at least an account reference number from a bank system. The third-party system can create a digitized account reference token for the account reference number; and store the digitized account reference token mapped to the account reference number in a token vault. The third-party system can provision the digitized account reference token to one or more user devices to be used for payment.