Cross Device, Cross Platform
OpenToken is an open-standard framework enabling a distributed payment & identity tokenization service network, built for the internet age, architected around a security model that assumes endpoints may be compromised, and data-breaches will happen; and instead, embraces dynamic generation of payment & identity data, with built-in limitations-of-use, and thus worthless if misused or stolen. This is not about enabling crypto-currency, or new forms of tokenized virtual assets, instead OpenToken introduces low/zero-fee “programmable money” in everyday use-cases.
CardWare is making its SmartTokenization technology open for application in the wider set of use-cases, where we'd all like our privacy better protected, and get back control of our everyday transactions, without annoying bank text messages, inconvenient false-declines from the issuer, tediously reviewing every account-statement for fraud, or disturbing phishing attacks. All targeted at eliciting our sensitive (fixed) legacy payment card information from the pre-Internet era.
By dynamically generating unique, per-merchant, per-facility, per-use specific payments, to protect transactions, OpenToken removes the need for PCI/EMV compliance or slow/expensive legacy payment terminals, and opens up an exciting world of opportunities for better integration of: user-experience + payments + identity + loyalty/rewards. In : ticket kiosks, self-checkout, vending machines and more. The protocol is cross-platform, and device-agnostic (e.g. on & between iOS/iPadOS, Android, MacOS, Chrome, Windows, Safari, and more), and realizes multiple vectors for transactions —including NFC, QR-codes, cards, wireless, email, web-commerce, street vendors, and even social media — for in-person, interstate, and cross-border payments.
OpenToken is designed for interoperability and choice, allowing users to connect multi-currency (e.g. fiat currencies, CBDC, StableCoins, etc) funding sources, and enabling merchants to connect across many-options, over multiple-networks, making it suitable for travelers, tourists, international commerce, or simply finding the optimal routing interchange-rate.
The framework leverages modern, real-time, multi-routed, lower-cost instant settlement payment rails (like FedNow, RTR and RTP), providing a secure, and adaptable standard for digital payments everywhere, everyday, whether online, in-store or offline.
Example use cases from our collection.
Explore how OpenToken could be used in your business.
NFC-Tap to transact. Instant personal conveying of funds, points, rewards, access - without the fees. Works online or offline.
A2A payments at a Grocery store improves margins, on market-set prices, and Grocer offers incentives in discounts, points as rewards to amplify. App notifies when near any merchant featuring low-fee A2A, and pushes promotional offers to A2A capable purchasers
Travel Agent receives SmartTokenized payment, then turns it around and further sub-tokenizes to pay Tour Vendors without compromising consumer security & privacy, without PCI liability concerns, and without exposing sub-vendors or margins. Stop worrying about PCI compliance and liability, and instead safely pass around sub-tokenized payment information, while remaining within the original limitations-of-use.
Food Truck, Fast-food store. Avoid wasting valuable time as a “payment card jockey”, and instead integrate : ordering + payment + status + delivery, in one low-cost (off-the-shelf hardware) seamless user experience. Ditch the legacy EMV payment terminal with its klunky antiquated interfaces and higher fees.
Coffee Vending Machine checks entitlement with payment, student discount, max 2 coffees. Low-cost cashless, no PCI compliant PoS, integrates payment & vending. No more PoS skimmers.
Clothing Store with RFID/NFC tags, bound UID’s connected to inventory-control scanners. Tap on clothing price tag, pay while on-rack, instant receipt, walk out of store with clothes. Reduced cashier overhead means lowers costs, more service & reduced purchase friction, better integrating online & in-store review & order, with loyalty, discounts & inventory control.
Bar Tender can validate payment capability then offer to keep "Tab" open before settlement. The Bar-Tab Token is only valid for that bar-merchant, until closing time. Each drink-order appears immediately on user's view of the "Tab", with a notification and ability to approve/dispute. No more lost/forgotten credit cards, reduced fraud/chargeback claims.
Access Hotel room, via NFC Tap, with the same device used to reserve the room online. Reduce overhead of Hotel front-desk and cleaning staff co-ordination by checking-out with another Tap. Tap to pass-on limited-use sub-tokenized access to other family members devices. Reduce replacement access cards, save the plastic.
Marchant allows Tap to pay with "Debit+", unlock mobile device, biometrically validate with a FIDO Passkey, thus answering the security challenge in an standard way. User-convenient debit, lowest-transaction fees, multiple routing options
Swipe a pre-Tokenized (DAN) Mag-Stripe Card in a legacy reader (CP), DAN causes ping to phone to request (biometric) confirmation of purchase. Eliminate skimming. Address the cost of upgrading mag-stripe reader facilities, extend their useful like without constantly updating public payment systems, without switching to higher-fee CNP systems (e.g. QR-Code, Online App).
Whether opening an account, accessing on another device, using VPN for security, or just searching for content. If you are operating your trusted device, after biometrically validating it was you, in order to unlock it, why additionally ask if you can recognize a traffic light, or answer a security challenge? Reduce online friction, save robot jobs for robots.
1. Tour from Virgin Islands to Bahamas, shopping across the islands, from street merchants to renting a surf board, without needing to carry cash, deal with different local paper currencies, subscribe to a cellular data service or wander for WiFi, works just as well while living Offline, without fear of theft. 2. Get in-flight access to WiFi and Shop for snacks, movies, without having to first be connected online, or setup a card-on-file (a catch-22) 3. Cruise ship can enable guest purchases using only a local mesh network, without global internet connection, nor holding lots of cash. Benefits for areas with intermittent or poor cellular coverage. Better service low density or risky locations, without necessarily switching to cash, increasing transaction fees, or missing out on digital payment security and conveniences.
The Problem
A core reason for the phishing & fraud problems of today, is that Payment & ID cards are based on a system inherited from the 1950s: one set of fixed data, re-usable anywhere, by anyone, at any merchant.
The Fixed Data Problem
A core reason for the phishing & fraud problems of today, is that Payment & ID cards are based on a system inherited from the 1950's: one set of fixed data, re-usable anywhere, by anyone.
The Security Paradox
Cardholders are told to keep these numbers secret, yet they must hand them over to someone they don't know, on the internet (where everything is digitally transmitted across the world, instantly, via wirelessly connected mobile devices). And to trust that the people handling the fixed data will honor some rules, in a world where massive data-breaches are a daily occurrence, costing $10's of billions annually in online fraud losses, just in the US.
The Validation Paradox
Thus, the reason Bank's frustrate customers, by Text'ing to validate a purchase right after declining the transaction, is because they don't know if it was the real cardholder, or someone else who simply had this fixed information, and trivial-validation personal information (also fixed and frequently stolen).
The Failed Solutions
Chip cards did not and cannot solve this, they've only added more cost and liability for merchants. The world has changed online, but whether it's for: Identification or Payment, the systems haven't fully kept up with it.
Our Mission
Tokenization is the most significant cryptographic innovation to address fraud, phishing, and privacy. SmartTokenization goes even further, by replacing traditionally-fixed information (e.g. card numbers) with a combination of static & dynamically generated token-portions, that build-in limitations-of-use.
Unlike encryption, tokenization does not simply transform for obscurity; there’s no secret key that can unlock a token, and tokens are not reversible back into their source data. Using SmartTokenization, the data’s unusable outside its original limitations-of-use; thus, any stolen tokens (e.g., a data breach, ATM skimmer) cannot be transacted, and have no value outside their original intended use. By starting with the assumption that digital data can/will always be easily copied, then, rather than enforcing confidentiality via liability (e.g., Payment Card Industry PCI-DSS), OpenToken makes the information itself unusable in any transaction other than that intended one, as authorized for the person/merchant intended. When the data is worthless if stolen - there’s no longer any incentive to steal, skim, phish, or socially engineer text messages to illicit payment & personal info.
Cross-Device, Cross-Platform Payments
iPhone to Samsung Card+ Cash
Samsung to Pixel Card+ Cash
OpenToken Alliance Membership
Join the alliance shaping the future of OpenToken standards
Who Should Apply
OpenToken is designed for a wide range of service providers and entities in the payment ecosystem.
- KYC - Know Your Customer. KYB - Know Your Business. AML - Anti-money laundering compliance
- Shipping/Residential Address Verification
- Payment CardHolder Identity Service