The dramatic shift in consumer spending habits of the past few years continues unabated, with consumers today completing one in five transactions digitally. However, as eCommerce growth outpaces in-store sales, new challenges have arisen alongside it. The rate of fraud has grown in parallel — yet the demand for effortless digital payments is higher than ever. Achieving the right balance between payment seamlessness and security can mean the difference between success and failure for merchants in the new digital landscape.
Every merchant faces an ongoing struggle to keep stored payment data both secure and up to date. Tokenization is a foundational tool that satisfies the highest security standards without sacrificing the customer experience. Network tokenization represents the latest iteration in the ongoing evolution of this technology. Network tokens, provisioned by the major payment card networks in partnership with issuing banks, enable merchants to protect sensitive card payment information while reducing costs and boosting sales. As digital commerce expands, network tokenization technology is rightfully gaining adoption as a tool for ensuring transactions’ safety and enhancing the customer experience.
Payment “tokens” — unique digital identifiers used to replace sensitive payment details throughout a transaction chain — cannot be easily reverse-engineered to expose the underlying data, making them less valuable to hackers and other fraudsters.
Tokenization is not a novel idea, but payments tokenization has matured rapidly in recent years. Tokens are unique digital identifiers used to replace sensitive payment details throughout all parts of the payment chain.
A merchant’s online payment platform that uses tokenization will substitute a customer’s payment information, such as a bank account or credit card number, with a payment token, which has no value in and of itself. The token, generally consisting of a string of randomly generated alphanumeric characters, then takes the place of the payment data when processing the customer’s payment or sharing that customer’s payment information with any other endpoint in the payments flow. Meanwhile, the customer’s actual card data, referred to as the primary account number (PAN) information, is stored away in a secure database known as a token vault.
The tokens themselves can safely retrieve PAN data as needed, but because they are much more difficult to reverse-engineer, tokens are useless to hackers and other fraudsters. Thus, through tokenization, merchants can offer secure transactions to their customers without risking fraud or data breaches.
Tokenization is not to be confused with encryption, which offers protection of sensitive information by using a “key” to scramble data. Whereas encryption results in identical output when using the same key, tokenization produces a unique token for each instance of PAN data entry, even if that data is identical. This gives the edge to tokenization over encryption by reducing the risk of hackers recognizing data patterns.
In addition, tokenization can maintain the original data format, such as a 16-digit numeric configuration to replace a credit card number. This allows for easy substitution of the token into existing payment systems, whereas encrypted data formats may vary widely, often requiring system modifications for their use. Because of these features, tokenization is frequently the better choice.
Tokenization can enable eCommerce merchants to offer secure automated checkout, relieving customers of the inconvenience of having to enter their payment details each time they transact. The benefits to merchants are mutual: Tokenization offers an easier, safer customer experience that inspires trust, paving the way to long-term customer loyalty. Better data security also means better and easier compliance with data protection regulations.
The Payment Card Industry Data Security Standard (PCI DSS), a set of rules governing companies’ handling of credit card data, is aimed at reducing the risks of a data breach. PCI DSS compliance is a requirement for merchants that operate with most major payment card companies, such as Mastercard or Visa, with heavy fines and reputational consequences for failure to comply. With a projected volume of 1 trillion transactions by 2026, tokenization has become a trusted payment security option that meets these standards in a cost-effective way.
Network tokens, generated automatically by card networks such as Mastercard and Visa, offer added fraud protection and a security advantage over other tokens that can benefit merchants and customers alike.
There are many ways to tokenize a payment card. PCI tokens, so named because they fulfill PCI compliance requirements, are tokens provided to merchants by their vault providers. These may be their payment service providers (PSPs), or agnostic providers, such as Spreedly. Network tokens, on the other hand, are generated automatically by the card networks themselves, such as Mastercard, Visa, American Express and Discover, as customers use their cards. Newer mobile wallets, such as Paze, are also beginning to leverage network tokenization technology for securing their customers’ transactions.
The process for network tokenization starts with the merchant selecting a PSP that supports network tokens and being approved by the networks as an authorized token requester. When the customer enters their card details — such as PAN, card verification value (CVV) and expiration date — on the merchant site, the merchant makes a request to its PSP to convert the raw card data to a network token. The resulting network token is used in the payments flow instead of the PAN data.
Network tokens increase cohesion between all parties in the payments chain. They are merchant-specific and may be used across PSPs. This increased fidelity between merchants, PSPs/acquirers, card networks and issuing banks benefits all parties. This key difference in their interoperability gives network tokens a security edge that benefits merchants and customers alike.
Because a network token conceals the card details at every stage of the transaction, it offers greater protection from fraud than a PCI token. The card network also generates a cryptogram for each transaction, thus adding another layer of security.
Source: Sjogren, A. Network Tokenization Explained. Spreedly. 2023. https://www.spreedly.com/blog/network-tokenization-explained. Accessed November 2023.
Network tokens offer specific advantages from which every business can benefit. These include the following:
1. Greater security
As noted above, PCI or proprietary tokens protect sensitive information when it is being stored with the merchant once a transaction is complete, reducing the risk and consequences of a data breach. However, PCI tokens are not interoperable throughout the payment processing chain. Because a network token conceals the card at every stage of the transaction, it offers significantly greater fraud protection than an ordinary PCI token.
Unlike PCI tokens, network tokens maintain their tokenized format as they are passed to all participants in a transaction, including PSPs, card networks and issuers. The card network also generates a cryptogram for each transaction, thus adding another layer of security. With card fraud loss projections topping $165 billion in the next 10 years, companies need additional security measures to reduce fraudulent activity more than ever.
2. Reduced costs
Network tokenization also eases companies’ PCI compliance efforts by minimizing the amount of payment data that is subject to PCI-DSS requirements. By tapping into network tokens to secure customers’ transactions, businesses can streamline their payment security procedures and spend less time and fewer resources on compliance.
Because of network tokens’ extra security, there is also a more obvious cost incentive to use them: Card networks are experimenting with incentivizing network token use or disincentivizing non-network token use for merchants. As eCommerce grows, such transactional fees will only become a bigger pain point directly affecting merchants’ bottom lines, so adopting network tokenization is becoming all the more necessary.
3. Higher authorization rates
Network tokenization also benefits merchants by updating cardholder credentials in real time, leading to higher authorization rates and minimizing the risk of involuntary churn. False declines result in more than $331 billion lost each year — a number that can only grow as more consumers shop online. Because network tokens update proactively, expired card and other out-of-date information that might cause a transaction to be declined is no longer an issue. Companies will go to great lengths to improve their authorization rates by even a few points, but Visa data shows that network tokens can boost authorizations by an average of 2.1%, translating to an increase of up to tens of millions of dollars.
Nowhere is this more critical than in subscription-based businesses, which rely on card information being current to avoid disruption in income streams. Network tokenization is ideal for these businesses, as it embeds card-updating capability, substantially reducing losses in recurring transactions. For example, if outdated card information causes the failure of even 1% of payments, a $10 monthly streaming service with one million subscribers could lose $100,000 per month.
4. Better customer experience
These reductions in merchant losses map to real customer benefits. Studies show that nearly 35% of cardholders will stop shopping with a merchant even after a single card decline. Network tokens are evergreen until an account is closed, which means that customers no longer need to experience false declines or log in to update their payment methods. This results in a more convenient and secure user experience.
Network tokens are playing an increasing role in the global payments ecosystem, and as such, merchants must have the tools in place to support them. PYMNTS Intelligence offers the following for consideration:
Network tokenization is becoming an essential feature of eCommerce. Payments orchestrators and other specialists can offer expert advice on how merchants can make the most of their payments by leveraging this technology.
The post Why Network Tokenization Is eCommerce’s Newest Essential first appeared on PYMNTS.com.