The EMVCo link is actually more interesting. The payment tokenization scheme means that the merchant never gets your card number (the PAN), they get a token.
> EMV Payment Tokenisation enhances transaction security by removing the most
valuable data to a fraudster within a transaction, the primary account number (PAN), and replacing it with a unique alternative value, a payment token.
> This reduces the value of payments information stolen in the event of a data
compromise, as a payment token should not be able to be used beyond the
environment in which it was intended. Payment tokens support both face-to-face
(F2F) and remote payment transactions.
Basically, if Amazon leaks my credit card data, thieves can’t use it because the number is associated with my Amazon account only. That one token can be cancelled and the next time I buy something a new one is issued and I don’t have to replace my credit card just because one merchant leaked my info.
> EMV Payment Tokenisation enhances transaction security by removing the most valuable data to a fraudster within a transaction, the primary account number (PAN), and replacing it with a unique alternative value, a payment token.
> This reduces the value of payments information stolen in the event of a data compromise, as a payment token should not be able to be used beyond the environment in which it was intended. Payment tokens support both face-to-face (F2F) and remote payment transactions.
Basically, if Amazon leaks my credit card data, thieves can’t use it because the number is associated with my Amazon account only. That one token can be cancelled and the next time I buy something a new one is issued and I don’t have to replace my credit card just because one merchant leaked my info.