Tokenization

Last updated: October 25, 2024

In today’s digital landscape, merchants are constantly seeking ways to protect sensitive customer data and enhance their business operations. Tokenization is a powerful tool that not only secures card data but also enables seamless omnichannel experiences. This guide will help you understand tokenization and choose the right type for your business needs.

Understanding Tokenization

Tokenization is the process of replacing sensitive data, such as a cardholder’s primary account number (PAN), with a secure token stored in a token vault. This ensures that sensitive data is not kept in the merchant’s environment, reducing PCI compliance obligations and costs. In the event of a breach, sensitive data remains protected, maintaining consumer trust.

Choosing the Right Token for Your Business

Different types of tokens serve different purposes. Here’s a guide to help you decide which tokenization solution best fits your business needs:

Registration Tokens

Imagine you run an online store and want to offer your customers the convenience of one-click checkout. Registration Tokens are your solution.

Challenges Resolved by Registration Tokens

Simplifies PCI Compliance

By removing sensitive data from your environment, Registration Tokens help you meet PCI compliance requirements more easily, as seen in the case of a small online boutique that avoids storing sensitive card information, reducing costs and complexities associated with securing card data.

Enhances Security

Registration Tokens reduce the risk of data breaches by not storing sensitive card data, exemplified by a subscription-based streaming service that uses tokens instead of storing card details, making stolen tokens useless to hackers.

Improves Customer Experience

Registration Tokens speed up the checkout process, making it more convenient for customers, such as a frequent traveler who can quickly complete bookings with a single click through an airline’s mobile app, enhancing their overall experience.

Versatility Across Payment Methods

Registration Tokens are not limited to card payments. They can also be applied to virtual accounts (such as PayPal) or direct debits (such as SEPA IBAN-based payments). This flexibility allows merchants to offer a variety of payment options while maintaining security and convenience.

No Onboarding Required

Unlike other tokenization methods, Registration Tokens do not require onboarding with any vault. You simply register a card (or tokenize a card) and receive a UUID registration that can be used in payments. This simplifies the implementation process for merchants.

Deregistration Capability

Registration Tokens can be deregistered, meaning that the tokenized card or non-card payment method can be deactivated and no longer used in payments. This feature provides additional control and security for both merchants and customers.

Benefits

  • Simplifies PCI Compliance: Helps meet PCI compliance requirements by removing sensitive data from your environment.
  • Enhances Security: Reduces the risk of data breaches by not storing sensitive card data.
  • Improves Customer Experience: Speeds up the checkout process, making it more convenient for customers.
  • Versatility: Applies to both card and non-card payment methods, such as virtual accounts and direct debits.
  • No Onboarding Required: Easy implementation without the need for onboarding with a token vault.
  • Deregistration Capability: Allows for deactivation of tokens, providing additional control and security.

Example

A customer shopping on your online store can save their card details securely using a Registration Token. The next time they shop, they can complete their purchase with just one click, without having to re-enter their card details. This convenience can lead to increased customer satisfaction and loyalty. Additionally, if the customer decides to stop using a particular payment method, the registration token can be deregistered, ensuring it cannot be used for future transactions.

ApplePay Tokens

Imagine you run an online store that caters to a large number of Apple device users. Apple Pay Merchant Tokens (MPANs) securely link your customers’ payment cards to your business through their Apple Wallet. By using MPANs, you can offer a seamless payment experience that works across multiple devices and supports recurring transactions without being tied to any single device. This ensures that even if your customers change or lose their devices, their payment information remains accessible and secure.

Key Benefits of Using MPANs

  • Multi-device continuity: Hassle-free payments across all devices.
  • Device-independent recurring payments: Perfect for subscriptions or regular purchases.
  • Persistent payment information: Safeguards against device loss or theft.
  • Lifecycle management tools: Track token activity and revocation status.

If the card issuer supports MPAN generation, you will receive an MPAN; otherwise, a Device Payment Account Number (DPAN) will be provided.

Additional Benefits

  • Enhanced Security: Apple Pay tokens replace sensitive card details with secure tokens, reducing the risk of unauthorized use. Each transaction is authorized with a one-time unique dynamic security code.
  • Improved Customer Experience: Apple Pay tokens streamline the checkout process for Apple device users, allowing them to complete purchases quickly and easily using Face ID, Touch ID, or their device passcode.
  • Increased Trust: Customers are more likely to trust and use a payment method that is known for its security and ease of use, potentially increasing your sales.

Types of MPAN Requests

  • Automatic Reload: For automatic top-ups, like adding funds to a store card.
  • Recurring Payment: For subscriptions, such as monthly streaming services.
  • Deferred Payment: For future payments, like booking a hotel room.

How to Get an MPAN

Follow our guidelines here. Ensure your card issuer supports MPAN generation.

Example

A customer shopping on your online store using their iPhone can use Apple Pay to complete their purchase with just a touch or a glance. The Apple Pay token ensures that their card details are never shared with the merchant, providing a secure and convenient payment experience.

Token Formats

Tokens come in two main formats:

  • Non-card format preserving. The token format is different from the sensitive information it replaces. For example, a Registration Token takes the form of a universally unique identifier (UUID) in a random alphanumeric format.
  • Card format preserving. The token maintains the same format as the original PAN, but the values are randomly changed. For instance, an Omni Token keeps the first 6 digits (BIN) and last 4 digits of the original card number. This format is useful for loyalty programs and one-click checkout payment widgets.

| Token Type | Token Format | Description | Interactive Guide |
|---|---|---|---|
| Registration Token | 123e4567-e89b-12d3-a456-426614174000 | A UUID, a universally unique identifier in a random alphanumeric format. | COPYandPAY, Server-to-server |
| Omni Token | 123456XXXXXX3456 | Preserves the first 6 digits (BIN) and last 4 digits of the original PAN. | Server-to-server |
| Network Token | 654321XXXXXX7890 | A card format token where the first 6 and last 4 digits are randomized. | COPYandPAY, Server-to-server |
| External Token | A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6 | A random alphanumeric string generated by the acquirer. | Server-to-server |
| ApplePay Token | Encrypted JSON object | Contains encrypted payment data, including payment method and transaction identifier. | COPYandPAY |
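
The formats above matter when auditing what a merchant system actually stores. The following added example (not part of the original guide or the provider's code) classifies stored payment references by shape: UUID registration tokens are recognized, and card-shaped values are flagged for review because a card-format token cannot be told apart from a PAN by its format. The record layout and sample values are constructed assumptions.

```python
import re
import uuid

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_LIKE = re.compile(r"(?:\d[ -]?){12,18}\d")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_registration_token(value: str) -> bool:
    """True for the canonical 8-4-4-4-12 UUID shape shown in the table."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def classify(value: str) -> str:
    value = value.strip()
    if is_registration_token(value):
        return "registration-token"
    if CARD_LIKE.fullmatch(value):
        digits = re.sub(r"[ -]", "", value)
        # Shape alone cannot separate a card-format token from a PAN;
        # a Luhn pass only raises the priority of the finding.
        return "possible-pan" if luhn_ok(digits) else "card-shaped"
    return "other"

def audit(records: dict) -> dict:
    """Return record id -> finding for every card-shaped stored value."""
    return {k: c for k, v in records.items()
            if (c := classify(v)) in ("possible-pan", "card-shaped")}

# Constructed sample records (assumed layout: customer id -> stored reference).
SAMPLE = {
    "cust-1": "123e4567-e89b-12d3-a456-426614174000",  # UUID from the table
    "cust-2": "4111 1111 1111 1111",                   # common test number
    "cust-3": "1234560000003456",                      # constructed card-format value
    "cust-4": "A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6",      # external token shape
}

if __name__ == "__main__":
    for rec, finding in audit(SAMPLE).items():
        print(rec, finding)
```

Findings marked "card-shaped" or "possible-pan" need confirmation against the token vault before the record can be treated as holding no card data.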

Conclusion

Choosing the right tokenization solution depends on your specific business needs. Whether you need to enhance security, simplify PCI compliance, improve customer experience, or streamline payment processing, understanding the different types of tokens and their benefits can help you make an informed decision. Tokenization is not just about securing data; it’s about creating a better, more efficient experience for both you and your customers.

