Tokenization: What is it and how does it combat online payments fraud?

In broad terms, tokenization is the process of replacing data — ordinarily the primary account number (PAN) — with something else, known as the ‘token.’ At some point later, the token is used as a key to unlock the data. The token is ‘housed’ in a different environment to the original data, and operates completely independently of it. Therefore the token cannot be used to hack into the data. In this way tokenization is different to encryption, which merely scrambles data where it resides, and decrypts it when required. As such, the underlying data is vulnerable to hackers or corruption.

Network tokenization and PCI tokenization: What’s the difference?

Network tokenization replaces the PAN across the entire payment ecosystem. Network tokenins will be meaningful and interoperable across every player in the ecosystem of a payment.

PCI tokenization, on the other hand, only replaces the PAN at one specific point. PCI tokenization will only be meaningful to the token provider and the merchant.

The UN estimates that seven of the world’s largest economies saw a total of $2.5 trillion added to online sales in 2020, a 25% hike on the year before. More online payments means more opportunity for fraudsters. In fact, in the UK, online fraud is up by a third.

Seventy-seven percent of consumers surveyed in the US said that keeping their payment information safe was the most important factor when choosing how to pay. Tokenization provides a robust way to authenticate a customer’s identity, with no trade-off in the speed of the payment experience. Businesses should look to tokenization to reduce fraud and boost customer satisfaction.

Here we look at some of the basics that businesses should know about using payment tokens.

Using card tokenization in your payment strategy

Card tokenization is used in payments to make them more secure. It is applied to card payments or methods that use cards such as pass-through digital wallets. When a customer makes a first purchase with a business, the card information is captured and stored in a ‘token vault’. It is replaced by a unique token, often represented with a numeric code, which does not carry any of the card information, even in encrypted form. In other words, it has no inherent value.

For future transactions, the token acts as the authorization for the business to take the payment.

What is an example of PCI tokenization?

Customers enter their card details at the checkout.
Card information is sent to a dedicated server, sometimes known as a ‘token vault’.
A unique token, usually a random sequence of numbers, is generated for the card and is stored on the server.
The customer makes a purchase with a business.
The token connects with the token vault to verify the card.
Once verified, the token connects with the business’s acquirer bank to request payment from the customer’s issuing bank.
The payment is approved or declined.

Four ways businesses benefit from tokenized payments

1. Safety first

Tokenization is a more secure technology than traditional encryption techniques, because the card details are stored separately. Therefore a customer’s card details are not flying around the internet and payment networks, in danger of being hijacked. That makes data compliance easier, even more so if the business offloads management of the token vault to a third-party.

2. Lower costs

Having more data compliance should equal less expense due to fewer risks to mitigate for and the absence of potential penalties. Also, tokenization does not have the pressure that comes with encryption of developing increasingly sophisticated (and costly) algorithms to ward off hackers.

3. Less friction

Security is not a businesses’ only concern. In truth, payment security has to be balanced with checkout convenience. Here’s where businesses can reap more benefits from tokenization. Whereas most security measures add friction, payment tokenization has relatively little, if any, negative impact on a customer’s payment experience.

4. Repeat purchases

Customers who make regular payments are likely to become frustrated if they need to input their card details every time they buy from you. Worse still if these are recurring payments—think subscriptions, instalments or utility bills—where customers like to ‘set and forget’.

With tokenization businesses give customers what they want by enabling one-click payments, or giving them the option to authorize future payments.

Learn more: Instant Access: Unveiling the Magic of Push Provisioning

How Checkout.com enables tokenization

Checkout.com enables businesses to leverage payment tokenization by providing the software to generate PCI tokens. We are also able to embed PCI tokenization into your wider payments strategy. This is possible because Checkout.com also processes payments; in other words, we don’t need to hand over that aspect to a third party, with the extra risks and costs that come with that. By linking PCI tokenization with other core aspects of payments—such as checkout conversion, acceptance, and fraud—businesses create a more connected ecosystem, where opportunities are easier to identify and action.

To find out more, contact our team of payment experts.