When it comes to payments, there is one thing that merchants should avoid at all costs, and that is friction.
Difficult, complicated payment processes are the number one reason merchants across all industries experience cart abandonment, high churn, low authorization rates and dissatisfied customers. Research from Baymard has shown that 17% of US shoppers abandon an order if the checkout process is too complicated or takes too long. Churn can be especially detrimental to subscription businesses whose entire business model relies on recurring revenue. According to a report by KBCM Technology Group, subscription SaaS businesses lose an average of 14% of their revenue and 13% of their customers every year due to customers churning.
There’s another source of friction that enterprise businesses must tackle in order to better serve their customers: 18% of shoppers in the Baymard study identified security concerns as a reason why they didn’t complete a purchase on a site. Incidents like the Marriott data breach in 2018, in which personal data, including credit card numbers and expiration dates, of approximately 500 million guests were exposed, are unfortunately still all too common - not to mention very expensive for everyone involved.
Merchants who want to create frictionless and secure payments for their customers and improve key metrics like payment authorization, failed payments and customer lifetime value in the process should consider implementing tokenization into their payment infrastructure. In this article, we explain what tokenization is and how it can help you reduce friction in your payment processes. We will introduce you to the different types of tokens and outline which ones are the best for your type of business depending on size and transaction volume. We will then dive into the benefits of tokenization for improving your overall payment performance, increasing payment security, reducing your compliance burden and removing friction for a better customer experience.
What are tokens and how do they work in payments?
Every credit or debit card has a primary account number (PAN), a unique 16-19 digit number that is associated with that card. When a customer makes an online purchase, the PAN, along with other key details associated with cards, including name, expiration date, are collected by the merchant or payment service provider (PSP) during the transaction process.
The merchant or PSP stores sensitive card information in a payment vault and generates a unique token for each card. A token is a random string of numbers that acts as a stand-in for the card information. The processor then returns the token to the merchant so that for future transactions that are routed through the same processor, the token is used instead of the real card information. This allows the processor to handle the payment without interacting with the actual card information, which reduces the risk of exposure. This approach also allows merchants to quickly recognize repeat customers and saves customers from having to re-enter their payment details during future purchases.
Types of payment tokens
Currently there are three different types of payment tokens being used, each with its own advantages and disadvantages for merchants.
PSP tokens
A PSP token is a token issued by a single payment processor. Most PSPs offer built-in tokenization, however PSP tokens are only valid for the processor that issued it and are not easily transferable between other processors. So a token issued by Adyen cannot be used with Stripe, for example.
This can lead to major complications for businesses who work with multiple payment processors, like enterprise merchants do. The average enterprise merchant works with four or more processors as routing transactions over a variety of PSPs increases payment success and lowers costs. However, if you want to use an existing PSP token with a new or different processor, you will have to initiate a token migration with the processor that has issued the token. In practice this is a near impossible process, because it’s not possible to just migrate cards from one PSP to another because PSPs do not support outgoing and incoming integrations of each other. This is because they want to tie the merchant to their service and prevent them from using other PSPs.
Consider the steps it would take to migrate a PSP token from one PSP to another. In many cases, merchants would have to:
- Start by writing a formal letter informing the PSP that you want to migrate your tokens
- Provide an attestation of PCI compliance
- Provide the publicly listed PGP key for encryption, which the processor will have to review before the export can begin
- Provide a full scope of the migration, meaning you would have to indicate all the card data that is stored with your PSP. This usually has a limit,, so for enterprise merchants who have significantly more customers, this process would have to be repeated many times
Given the detailed nature of token migration, it can also happen that tokens get lost somewhere in the process, which defeats the purpose of the entire exercise.
This is just one of the reasons why PSP tokens are best suited for small businesses with lower transaction volumes, as working only with one or maximum two PSPs doesn’t lead to the same complications.
PSP-agnostic tokens
PSP-agnostic tokens, on the other hand, are fantastic for medium and large companies that require both control and flexibility over their payment processing. PSP-agnostic tokens offer the same benefits as PSP tokens with the key difference being that PSP-agnostic tokens aren’t tied to one specific payment processor, meaning that these tokens can be used across multiple processors without locking in the merchant with one single service provider. If you start with a PSP-agnostic token to begin with, then you can avoid the entire hassle of the migration process.
Whereas PSP tokens are developed by a single processor and stored in their own payment vault, PSP-agnostic tokens are developed by payment operating systems like Payrails and kept in their dedicated token vaults. The payment operating platform issues the agnostic token to the merchant, which the merchant can then use across all of their active PSPs. It basically acts as a saved card. Depending on the configurations and the nature of the transaction, customers might have to input their CVV code during a transaction for additional security or even confirm their transaction with 3DS.
Network tokens
Network tokens introduce a new layer of security and efficiency and are considered to be the next phase of payment tokenization. Network tokens are issued directly by card networks like Visa or Mastercard and act as a replacement for card details. They can be used instead of cards or PSP tokens and work with any PSP that also has a connection with a network. Network tokens are considered best for medium-sized businesses and large multinational companies.
When it comes to payment acceptance, network tokens typically have higher conversion rates. Although the upfront costs for network tokens are higher, it’s cheaper to process them because the interchange fee for network tokens is lower in a lot of countries and because they are considered more “trustworthy” by all participants in the payment chain, due to their low fraud risk and low chargeback ratio
However, the network token integration process is quite complex and can take up to six months in some cases. Also, not every issuer supports network tokens, so relying only on them could exclude many issuers and reduce your authorization rates.
The benefits of tokenization in payments
Payment tokenization has many benefits for global merchants that want to remove friction from several steps of their payment process. Merchants should especially invest in removing friction from recurring, subscription or repeat purchases and to ensure a higher customer lifetime value, as these contribute to long-term profitability goals.
Seamless repeat and recurring payments
One of the main benefits of using payment tokens in your payment infrastructure is that it removes a lot of inconvenience from the checkout page, especially for repeat or recurring customers. Instead of having to manually re-enter payment details every time they want to make a purchase, customers can submit an order with one click as their card details have already been securely stored as a payment token. One-click payments are fast and hassle-free. And adding the extra level of security that tokenization provides, your customers will be extremely satisfied with the checkout experience.
Decreased churn and cart abandonment
Churn is a real concern for merchants, but especially for subscription businesses: Recurly has found that the average churn rate (the total number of customers lost over a given period x 100) is around 5.57%, with voluntary churn reaching nearly 4% and involuntary churn at 1.38%. Introducing payment tokens can help to reduce friction and decrease instances of voluntary and involuntary churn.
Voluntary churn, similar to cart abandonment, happens when a customer is not happy with the payment experience – for instance, the payment process is taking too long because they have to enter their payment details and the page loading time is slow. Payment tokens make the payment process quick and seamless.
Involuntary churn occurs due to expired credit cards, insufficient funds or other technical issues out of their immediate control. This can be especially critical for subscription-based businesses as the payment process is automated. Payment tokens are updated in real-time, meaning that the PSP, payment platform or card network regularly checks for updates to the card details so that the token is always representative of the most up-to-date version. Even if the card, for example, is lost, then blocked, and eventually re-issued with a new credential, the ongoing subscription would not break.
Reduced compliance burden
Token vaults, like the one offered by Payrails, are PCI Level 1 compliant, meaning that our technology meets the highest security measures outlined by the Payment Card Industry Security Standards Council. This reduces the compliance burden for the merchant, as without our solution, the merchant would have to implement the PCI standards by themselves and also have to do yearly audits and on-site assessment, a process that can take weeks to months and cost around $70,000+ for enterprise merchants.
Improved payment authorization rates
If you are using a PSP-agnostic or network tokens, you will also be able to take advantage of using your tokens across multiple payment processors. A multi-processor strategy has been proven to increase authorization rates, as having more PSPs to choose from ensures that a transaction can always go to an available processor. So in case one PSP is down or is experiencing technical issues, the payment can still be authorized.
Note that this isn’t possible if you are using payment tokens issued by a PSP, as these limit you to a single PSP and are not transferable to other processors.
Enhanced security and fraud prevention
Card tokenization provides an added layer of security to the transaction process by encrypting sensitive payment details like PANs. In case of a security breach, card information is protected from unauthorized access by malicious actors and so customers’ financial information won’t be compromised. Tokenization also prevents entities in the transaction process chain from accessing card details.
This added security layer can also help in preventing fraud, as the tokens cannot be decrypted and the card information stolen for purposes of payment fraud. So even if a token is exposed, it is useless for potential fraudsters.
Why PSP-agnostic tokens are the best solution for enterprise merchants
Enterprise-level merchants who process high transaction volumes should be looking for a tokenization solution that is reliable, flexible and configurable according to their specific business needs. Of all the token types, PSP-agnostic tokens provide enterprise merchants with the most flexibility and autonomy to control their payment flows and remove friction along every step of the way.
With Payrails, merchants benefit from being connected to multiple PSPs and other payment partners across the globe, leading to higher acceptance rates, fewer payment failures and increased security.
No vendor lock-in
Gain the freedom to respond to market demands: With Payrails’ PSP-agnostic token vault, you won’t be tied to a single processor or gateway and can easily onboard new PSPs and switch between them using the same tokens. Once integrated, the Payrails operating platform can be customized to your specific business needs. We can add network tokens to your parameters so that you can benefit from them alongside the PSP-agnostic tokens issued by Payrails.
Better payment performance
Encourage conversions by giving your customers one-click or zero-click payment experiences. Not only does tokenization improve the overall customer experience, PSP-agnostic tokens also improve global authorization rates and boost the chances for successful payments by leveraging intelligent payment routing and retrying failed transactions across multiple PSPs. We have seen authorization rates increase by 15% and processing costs lower by 30% when merchants have access to multiple payment processors and payment methods
All inclusive payment platform
Merchants can connect to Payrails through a lightweight API that gives them access not only to a PCI-compliant token vault, but also to the full suite of payment solutions that enterprises need to scale their payments securely and smoothly. All it takes is one single integration to take advantage of our payment orchestration layer, agnostic token vault, ledger system and unified payment analytics.
Connect to 30+ global and local PSPs. Experience greater control over your payment process with less technical complexity: The Payrails platform enables you to customize payment routing across multiple PSPs while abstracting the technical complexity to handle the tokenization logic of each provider.
PCI Compliant
Our token vault is Level 1 PCI-compliant, meaning you can maintain the highest standard of data security without any additional work, regardless of the size of your business. Integrating the Payrails token vault will help you stay compliant and saves you the trouble of yearly audits and from having to implement the extensive security measures in your existing payments infrastructure.
Get in touch with Payrails
We are experienced payment professionals helping merchants to reduce friction and complexity in their payment processes. We understand that every business is unique, so we develop personalized solutions for each of our customers. If you’re an enterprise merchant who has been considering payment tokenization solutions for your payment infrastructure, we’d be more than happy to guide you through the process and consult you on how a PSP-agnostic token vault can fit your specific business needs.
Contact us today to get a personalized consultation. The benefits are waiting!