Tokenization — also known as payments tokenization — is the process by which payments data is replaced with a unique numeric sequence, known as a token. Tokens hold no intrinsic value and are meaningless without the corresponding original data, which is stored in aho secure token vault. Tokenization is commonly used to secure financial transactions because tokens cannot be reverse-engineered to reveal the original value they represent, minimizing the risks associated with data breaches and maintaining the confidentiality and integrity of the underlying data.
What is network tokenization?
Network tokenization is a form of payments tokenization in which card networks such as Visa, Mastercard, Discover and American Express replace primary account numbers (PANs) and other card details with a unique identifier, known as a network token. These network tokens act as a surrogate value for PANs within the respective card network’s payments ecosystem.
Although network tokenization is not a new concept, there are a growing number of card-on-file eCommerce use cases, which have opened the door to significant opportunities for merchants.
How do network tokens differ from merchant tokens?
The general concept behind network tokenization and merchant tokenization is similar: a unique numeric sequence replaces a value to enhance payments security. However, merchant tokens (also known as PCI tokens) are generated by a merchant or its payments service provider and exist solely within that merchant’s payments ecosystem.
The problem with this approach is that multiple parties — not just the merchant — need to be able to securely handle card data, including the PAN, expiration date and card verification value. This introduces multiple points of failure and increases the risk of consumers’ payments card data being compromised. Network tokens mitigate the risk of exposure by making cardholders’ issuing banks part of the token approval process. For best results, merchants should use a combination of merchant tokens and network tokens to secure payments. Though it does not happen often, a card network may randomly change the network token for a customer’s PAN, making it unsuitable for any merchant that wants to use that token to track customer buying patterns and monitor their fraud risk. Additionally, if a merchant were to change its network provider, its network token would change as well, causing that merchant to lose cardholders’ payments history.
How does network tokenization work?
The network tokenization process is fairly simple:
A customer initiates a transaction, entering their card details.
The merchant receives those details and passes them through a token gateway to the card network, which is responsible for generating a network token.
The card network shares the merchant’s request with the cardholder’s issuing bank, which either approves or denies it.
If the issuer approves the request, the card network then generates a token and sends it back through the gateway to the merchant.
Once this process is complete, the merchant can store this network token for future use. Any time that customer makes a purchase through that merchant, the merchant will use the token — as well as a cryptogram generated by the card scheme — in place of their payment credentials.
How does network tokenization work compared to merchant tokenization?
The merchant token provisioning flow is similar to that of a network token provisioning flow, albeit simpler:
A customer initiates a transaction by entering their card details.
The merchant receives those details and passes them through a payments gateway to a third-party tokenization service provider, which is responsible for generating a merchant token.
The tokenization service provider generates a merchant token and sends it back through the gateway to the merchant. Again, once this process is complete, the merchant can store the merchant token for future use. You’ll notice that merchant tokenization does not require any approvals, and that neither the card network nor the issuing bank are involved in the process. As a result, merchant tokens are only secure when they are within a merchant’s ecosystem.
What problems do network tokens solve?
Network tokens solve a range of problems for merchants, including:
False declines
Due to the fraud risks commonly associated with card-not-present (CNP) payments, authorization and acceptance rates for online transactions are substantially lower than those for in-person, card-present ones. And with low authorization and acceptance rates comes a higher rate of false declines — when a legitimate transaction is wrongly rejected due to a suspicion of fraudulent activity.
False declines can be incredibly damaging to merchants’ businesses. According to a 2021 report from ClearSale, 39 percent of cardholders said that they would stop shopping with a merchant after even a single false decline. To avoid losing business and loyal customers, merchants need a way to understand and address declined transactions. There are a few ways they can go about this, including working with a payments service provider capable of orchestrating multi-acquirer strategies and offering a wider variety of payment methods.
login to mobile app, cybersecurity, private access with username and password to personal data, concept on screen of smartphone
39%
The number of cardholders who said that they would stop shopping with a merchant after even a single false decline
Network tokenization is also key to limiting false declines and boosting acceptance rates. Since issuing banks are involved in the network token approval process, there’s greater trust at the outset, which can improve authorization rates by as much as 2.1 percent. Network tokens are also updated dynamically, reducing false declines and involuntary churn, especially among subscription businesses.
Out-of-date accounts
One of the biggest challenges in eCommerce is that stored card details become unusable when cards are lost, stolen or expire. Although consumers appreciate the convenience of one-click checkout when finalizing purchases, having outdated, unusable card credentials on file can lead to false declines — which can, in turn, increase cart abandonment rates.
Network tokens completely resolve this issue because issuing banks are mandated by card networks to update their tokens in real time to reflect any account changes. This reduces the rate of false declines, saves merchants the administrative effort of reaching out to consumers to update their payment credentials and creates a frictionless payments experience for consumers.
Increased Fraud
According to a 2022 study from Statista, merchants in the United States lost about $3.75 for every dollar of online fraud — a 20% increase from pre-pandemic figures. It’s clear that as eCommerce grows, so too, does fraud. Over the past few years, end-to-end encryption and EMV Specifications have made card-present, point-of-sale transactions more secure, forcing fraudsters to redirect their attention to CNP payments — and increasing costs for merchants.
Typically, when a fraudulent CNP transaction takes place, the cardholder will initiate a chargeback with their issuing bank. In many cases, merchants bear financial liability for these chargebacks, since the issuer isn’t involved until the payment is authorized. With network tokenization, the issuer is actively involved in the approval of the network token.
$3.75
Lost by merchants for every dollar of online fraud in the United States (resulting in a 20% increase from pre-pandemic figures)
Traditionally, a merchant would attempt to verify a cardholder’s account before tokenizing a card, with the goal of ensuring that the account was in good standing and that the card could be stored on file for future payments. Network tokenization shifts this responsibility — and the financial liability for a potential chargeback — to the issuing bank. As a result, network tokenization significantly reduces both merchants’ fraud risk — by as much as 26 percent — and financial obligation.
Poorly protected card data
For all their built-in protections, payment cards still have their vulnerabilities and can be attacked on several fronts. More specifically, criminals have the opportunity to steal payments card data wherever it is entered, stored or transmitted. Network tokenization protects card data in transmission by generating a secure token to represent a cardholder’s PAN. This issuing network then uses this token, which cannot be decoded, in place of the cardholder’s PAN for all transactions.
Cardholder-initiated transactions also require a dynamic cryptogram — generated by a card network — for added security. Each cryptogram is unique to the network token, the onboarded merchant and the authorized transaction.
Payments friction
Although strong customer authentication (SCA) requirements in Europe make card-based payments more secure, they also introduce additional security checks to the checkout process, lowering approval rates.
For merchants, a frictionless payments experience is non-negotiable. Fortunately, network tokenization facilitates strong SCA without the friction by replacing sensitive card details with tokens and using cryptograms for enhanced security. When strategically leveraged in combination with SCA exemptions, such as risk-based authentication, merchants can deliver a robust, compliant security framework without compromising a convenient, consumer-friendly checkout process.
Increased costs
Merchants must pay a merchant discount rate (MDR) to the acquirer for every payment they process. This MDR encompasses a variety of fees, including interchange fees, which often account for the vast majority of the overall MDR. Acquirers pay interchange fees to card issuers any time a transaction is completed through a card scheme
However, certain schemes — Visa and Mastercard, in particular — have chosen to prioritize network tokenization over collecting interchange fees. As a result, these schemes have announced either basis points (bps) reductions or increases for CNP transactions. For reference, a single bps is worth 1/100th of a percentage point, or 0.01 percent.
Visa has reduced interchange fees by up to 5–10 bps for merchants that transact with network tokens in the U.S., Australia, Canada, Japan and several other countries. This discount is substantial. Put into context, for a business with a volume of $100,000,000 USD per month, a 10 bps reduction on Visa interchange fees would amount to $100,000 USD.
In this case, merchants that do not use network tokens are quite literally leaving money on the table.
Merchants can also be penalized for not using network tokens. As of October 2023, Visa has increased interchange fees in Europe by up to 2.5 bps, which the scheme has referred to as a “behavioral fee.” Mastercard does not offer a bps discount but, like Visa, has increased interchange fees in Europe — in this case, by up to 5 bps.
If there’s one thing that’s clear, there’s a real financial incentive for merchants to leverage network tokenization. To find out how much your business stands to save by implementing network tokenization, try out our free savings calculator.
How can merchants implement network tokenization?
Though the obvious answer to this question would be to set up a direct integration with major card networks, these networks’ rules change and APIs evolve frequently, which can be difficult for merchants to manage. There’s also the challenge of handling network tokens with multiple payment gateways, which builds in an additional layer of complexity. To resolve both of these issues, merchants should look to partner with an effective token service provider, such as ACI Worldwide, to implement and manage network tokenization.
The ACI Payments Orchestration Platform is capable of not only integrating with all major card networks for network tokenization but also processing payments via multiple acquirers. By consolidating both payments and tokens within a single platform, the ACI Payments Orchestration Platform enables merchants to enhance payments security and PCI compliance, create frictionless omnichannel customer experiences and increase conversion rates.
