The primary account number (PAN) – the number printed on your card - is a particularly
sensitive piece of data. EMV Payment Tokenization (or network tokenization) provides a
technology solution for protecting the PAN and securing digital and online payments.Tokenization is achieved by taking the PAN and replacing it with a unique alternative value,
a payment token. This token is limited to the merchant it’s been created for, which limits
the use of the token in case it’s ever compromised. Unlike a PAN, a network token can not be used
to process a transaction with another merchant.Network tokens comply with industry-standardized EMVCo specifications that not only
adhere to PCI standards but are also identifiable across the entire transaction lifecycle.
This enables significant ecosystem benefits for merchants using network tokens.
Higher authorization rates - Once a stored PAN has been securely replaced with a
network token, any changes to the underlying card details get automatically applied
to the associated network token. For example, if a customer’s card expires the
network would automatically update any associated network token(s) directly so that
the stored card remains current and usable with that token. This reduces the number
of charges declined due to outdated data, and increases the authorization rates -
particularly cards used for recurring and subscription payments.
Lower costs - In general the card schemes maintain a lower fee for
tokenized transactions. The exact value of this will depend on your PSP, but this can
be up to 10 bps per transaction.
Improved security - Network tokens can only be unlocked by the associated
payment network. Therefore if it is lost or stolen, criminals cannot
access the underlying card data at any point in the transaction lifecycle.
In addition, each token is bound to a specific merchant and each transaction
is protected with a one-time use cryptogram. This means that the token
by itself cannot be used to initiate a transaction.
Network tokenization is very different from acquirer tokenization or PSP tokenization, especially
when you consider the data portability benefits.
An acquirer or PSP token swaps a customer’s card details with a token
that can only be used by the service that generated the token. This restricts the re-use
and introduces considerable friction when using another service for failover, redundancy, or
migration.
A network token swaps a customer’s card details with a token that is tied to the scheme
of the card (also called the networks) and can be used by any acquirer or PSP
that can transact for that scheme. This provides ultimate flexibility to use this token with
any service, whether that is for failover or redundancy purposes, or when migrating to another service.
We recommend that you use the full range of tokenization features with our system. You can store the original
card number (PAN) in our Cloud Vault and additionally use Network Tokens for transactions. With this, you can limit
your PCI scope and optimize your payments using network tokens in an agnostic way across the payment ecosystem.