Fraud prevention and increased security are two major topics for merchants as well as for the online payments industry. An IBM report found that the average global data breach can cost $4.45 million, an increase of 15% over the last three years. This is a staggering number and explains the increased prioritization of stronger and more innovative security measures.
Tokenization has emerged as one of those measures and is already being widely adopted in the online payments space through different kinds of tokens, including network tokens, which are quickly gaining popularity. So in this edition of our Payments 101 series, you will learn what tokenization is, how it’s being used in online payments, what network tokens are and the benefits of using network tokens.
What is tokenization?
Tokenization is the process by which sensitive digital and analog information is replaced with a unique string of numbers to act as a representation of that information. The resulting string of numbers is called a token. Tokenization is a form of encryption that is commonly used whenever sensitive information is at play and needs to be kept private and securely stored. That’s why tokenization is often used in financial processes, for example for card payments.
Nowadays tokens have entered the mainstream and are commonly used during regular online transactions in order to replace card information and reduce the risk of exposure.
How is tokenization useful for processing online payments?
Every credit or debit card has a primary account number (PAN), a unique 16-19 digit number that is associated with that card. When a customer makes an online purchase, the PAN, along with other key details associated with cards, including cardholder name, expiration date, are collected by the payment service provider (PSP) during the transaction process.
Tokenization allows the processor to turn the PAN into a token so that they and any other third parties aren’t exposed to the data associated with the card. Not only is this approach more secure, it also allows merchants to quickly recognize repeat customers and saves customers from having to re-enter their payment details during future purchases.
What are network tokens?
In the online payments space, there are three different tokens that are commonly used: PSP tokens, PSP-agnostic tokens and network tokens.
PSP tokens are issued by a single processor and are only valid for that processor. This means that they are not easily transferable between other processors. So a token issued by Adyen cannot be used with Stripe, for example.
PSP-agnostic tokens are not issued by a single processor but instead they are created by third parties like payment operating platforms. This means that these types of tokens can be used across all processors.
Finally, there are network tokens, which are issued directly by card schemes like Visa, Amex or Mastercard and act as a replacement for card details. They are generated automatically whenever a customer uses their card in a transaction. Network tokens are valid for any PSP and acquirer that also has a connection with a network.
How do network tokens work?
Network tokens are generated in real-time by card schemes, meaning that they are created during an online transaction. The network token provisioning process takes place during the regular payment processing or card storing process.
- The cardholder enters all of their card information, including name, PAN, the CVV code and the card’s expiry date, into the payment fields of the merchant’s checkout page.
- After all of this information is inputted, the information is passed along to the relevant parties that have registered with the card schemes for network tokenization. This can be the merchant, a third-party token vault provider, a gateway, a PSP, or an acquirer.
- The card network creates the network token and then sends it to the issuer (the cardholder’s bank) as well as back to the PSP.
- The network token along with the cryptogram can be used in the authorization process if one was initiated at this point.
- The parties registered with the card scheme send the network token back to the merchant, who can store the token for future purchases made with the same card.
- For future transactions, the network token can be used with any PSP and acquirer if the token was provisioned under the merchant as a merchant of record.
- For merchant-initiated transactions, only the network token is needed. But for customer-initiated transactions (CIT), a new cryptogram is needed. The merchant must then retrieve the cryptogram using the registered third party and then provide it in the payment processing flow with a network token.
💡A note on token ownership: The party that is registered and certified by the card scheme to provision network tokens can request these under their name or onboard other parties under the onboarded party’s name. Who is the merchant of record during the provisioning process depends on who is the owner of the network tokens. As a merchant, it is always in your best interest to be the merchant of record so that you retain full flexibility to use the network token with any registered third party.
There are many third parties that do not provision network tokens under the merchant's name but rather under their own name. This makes the use of network tokens via another party impossible, i.e. they are no longer interoperable. Try to avoid this lock-in by becoming the merchant of record.
What are the benefits of network tokens?
When it comes to payment acceptance, network tokens typically have higher conversion rates. Although the upfront costs for network tokens are higher, it’s cheaper to process them because the interchange fee for network tokens is lower in a lot of countries and because they are considered more “trustworthy” by all participants in the payment chain, due to their low fraud risk and low chargeback ratio. Also, card schemes started charging additional fees for payments that use the PAN. Network tokens are ideal for both enterprises and SMBs for all of these reasons.
Along with being cost-effective and having high acceptance rates, the short and long term benefits of using network tokens are comparable to the benefits of PSP-agnostic tokens, which are:
Reduced churn and cart abandonment
Network tokens help to create a more seamless and fast checkout experience for customers, which has shown to help curtail both voluntary and involuntary churn. Voluntary churn, like card abandonment, happens when the payment process is too complicated or takes too long, like when a customer has to re-enter their payment information every time they make a purchase. Tokens speed up the entire payment process since the payment information has already been stored with the merchant in tokenized form, eliminating the need to re-enter information.
Involuntary churn, i.e. a failed payment due to outdated card information, is also addressed by network tokens: as card information associated with the token is automatically updated in real time, it doesn’t matter if a card is expired or has been lost or stolen. The transaction can still be processed successfully. Considering that 33% of customers abandon a transaction if it doesn’t go through the first time, this is an incredibly valuable benefit.
Higher authorization rates
As network tokens can be used with all participants along the payment chain, merchants can take advantage of a multi-PSP setup. A multi-processor strategy has been proven to increase authorization rates, as having more PSPs to choose from ensures that a transaction can always go to an available processor. So in case one PSP is down or is experiencing technical issues, the payment can still be authorized. A report from Visa shows that using network tokenization can increase authorization rates by up to 2%.
Enhanced security
Network tokenization provides an added layer of security to the transaction process by encrypting sensitive payment details like PANs. This enhanced security comes by way of a unique cryptogram which is generated with each token. For all customer-initiated transactions (CIT), a cryptogram is required along with the network token. Not only does this prevent entities in the transaction process chain from accessing card details, it is also a critical feature considering that security breaches are unfortunately becoming not only more common but larger in scale. In case of a security breach at any one of the players in the payment chain, the customer’s card information is protected from unauthorized access by malicious actors and so their financial information won’t be compromised.
Reduced fraud
Network tokenization aids in fraud prevention as the tokens cannot be decrypted, so the card information that the token represents cannot be stolen for the purpose of committing payment fraud. Even if a token is exposed, it is useless for potential fraudsters. And this is the case at every stage of the payment ecosystem: network tokens, once issued, are used at every stage during the payment process, adding a comprehensive layer of security.
The future of network tokens
As tokenization becomes more widely adopted, the scope and functionality of network tokens will also evolve. It’s expected that, in the future, payment tokens will not only obscure a card’s PAN but will fully tokenize all information related to the card. In the coming years, it’s expected that PANs will become obsolete and that all card payments will be processed with network tokens.
Another pain point that might be solved in the future is the speed of network token integration. Currently, the integration process of network tokens is quite complex and can take six months or more to complete in some cases. Another issue is that not every card issuer supports network tokens, so relying only on them could exclude a lot of necessary and valuable players from the merchant’s transaction process.
Learn more about payment tokens for your business
Curious about how tokenization can help improve payments in your business? We at Payrails have extensive experience in implementing tokenization and payment tokens for merchants across all industries. To learn more about which type of tokens are the best for your business, get in touch with us today.