Network tokens are a hot topic in payments right now. This is due to the potential of network tokens to help businesses achieve higher authorization rates, reduced fraud and allow businesses to offer an improved customer experience.
But what exactly are network tokens and how do they work?
In this article, we explain:
Network tokens are unique digital identifiers used to supply a tokenized value instead of the primary account number (PAN) in all parts of the payment chain. These tokens replace sensitive card data, like the account number and expiry date on the front of a card used for payment, without exposing the actual account details.
Network tokens are generated automatically and in real-time by the card schemes as customers use their cards. For example, when they're checking out on an ecommerce website or paying using a pass-through digital wallet, such as Apple Pay or Google Pay.
Network tokens work by replacing sensitive credit or debit card data with a token that is completely unique to the customer, PAN, and merchant. They are issued by the card scheme and stored by the merchant for transactions.
Here’s how the network tokenization process works:
To initiate network tokenization, the customer enters their card details as normal, including their card’s PAN, CVV, and expiry date.
Once the merchant has the customer’s card details, they share the information with their payment service provider, which requests a network token from the card scheme, such as Visa or Mastercard.
The card scheme then automatically generates a network token, which it shares with the card issuer (the cardholder’s bank), and the merchant’s PSP.
Finally, the PSP shares the network token with the merchant, who stores it to use for future cardholder payments. As it’s been generated by the card scheme, the token is valid across the entire payment ecosystem.
When the cardholder makes a transaction, the network token, which represents the card, is sent from the merchant to the card network via the PSP. Alongside the network token, the card scheme also generates a cryptogram for each individual authorization, which adds an additional layer of security. This cryptogram is unique to the token, the merchant, and the transaction.
Once the network token reaches the card scheme, it is decrypted and the original card details are retrieved. These details are then shared with the card issuer in order to be verified.
The card issuer can now verify the card details, the transaction is processed as normal, and the payment is approved. The original card details were only ever shared between the card scheme and issuing bank. At every other stage of the process, the token was used.
Network tokenization is similar to PCI tokenization, sometimes known as vault tokenization, undertaken by acquirers or payment service providers on behalf of their merchants. This secures card data between the token provider and merchant to help reduce the scope of PCI DSS – that’s the payment card industry data security standard in full.
The key difference between network tokenization and PCI tokenization is that the card scheme issues the token, not the acquirer or payment service provider. This makes network tokens interoperable across the entire payment ecosystem, and for a broader range of use cases.
There are many ways network tokenization can help businesses. Four main benefits are:
Card-based payments are subject to increasing checks, particularly in view of Strong Customer Authentication (SCA) requirements in Europe. But, at some point, additional security becomes a point of friction for consumers, leading to cart abandonment. Our data found that 12% of European retailers had seen approval rates decline due to the early impact of SCA.
Implemented as a part of an authentication strategy, network tokenization can help reduce the scope of SCA requirements. Fewer challenge or step-up authentications cuts payment friction and improves authorization rates and payment success. According to Visa, merchants using network tokens see an authorization rate uplift of around 2%.
As of April 2022, Visa has reduced interchange fees for merchants making card-not-present network token transactions by an average of ten basis points. This includes transactions made using digital wallets such as Apple Pay and Google Pay.
The reason for this is that, as card-not-present transactions are generally more vulnerable to fraud than card present transactions, they experience higher interchange fees. As network tokens help to decrease fraud rates, Visa can reduce interchange fees accordingly.
Not so long ago, prompting customers that their card was soon to expire, or had expired, was one of the only ways to tackle the challenge of old cards. However, unlike cards, tokens have no expiry date, minimizing the risk of involuntary churn.
This makes network tokenization a great solution for any business looking to generate significant revenue from repeat customers with card-on-file, recurring or subscription business models.
A network token serves as a permanent record of a card’s information, and the card network is responsible for maintaining the mapping between the card and token. That means it automatically updates the card information when a card expires or is replaced. Because of this, the customer doesn’t have to keep updating their card information, and, as the merchant always has a valid card on file, card declines are reduced. Both of these factors result in a better payment experience for the customer.
As they are interoperable across the entire payment ecosystem, network tokens significantly reduce fraud. Rather than replacing the card’s details at a specific endpoint, as PCI tokenization does, a network token conceals the card at every stage of the transaction. This means the merchant only ever has to handle the token, which vastly reduces the chance that sensitive information is exposed to fraudsters. Additionally, the cryptogram created for each individual transaction provides further security.
As detailed above, the end-to-end security that network tokenization provides means cardholder data is kept safe from fraudsters. The token that’s used for the transaction contains no exploitable information, so even if it is intercepted, the cardholder is not at risk.
Network tokenization makes it easier for businesses to comply with PCI by reducing the amount of payment data that is subject to PCI-DSS requirements. As businesses can process transactions without exposing their customers’ data, compliance is streamlined and they can spend less time and resources on payment security.
Read more: Discover five business problems that are solved by network tokenization.
As card details are automatically updated by the card scheme, and fewer accounts are suspended due to fraudulent activity, the number of declines caused by fraud and out of date cards is significantly reduced, which results in increased authorization rates.
At Checkout.com, we have an opt-in managed network token solution that, whenever a new card is used in a transaction, it can automatically share a network token on your behalf with Visa and Mastercard.
We also deal directly with card schemes and issuers to ensure all network tokens are automatically updated when card details change, so you don’t have to.
Improve your customer experience, reduce fraud and increase your authorization rates through network tokens with Checkout.com’s managed solution.