Tokenization: Let’s decode this mystery right now

Tokenization has existed ever since the concept of currency was born. So, in 2019, let’s look at why tokenization in payments is important, and how it can make the payments process secure and easy for businesses.

What is tokenization in payments?

Tokenization of data means the replacing of sensitive information with a ‘representative’ or a ‘placeholder’ called a token, in order to secure the data. In the payments ecosystem, tokenization involves replacing customer PAN or card data with a randomly generated string of characters. The scope of usage for these tokens is clearly defined, such as “only for a specific merchant”, or “only for transactions from mobile” and so on.

When a payment transaction is initiated, the token is transmitted through the merchant network, in place of the PAN. This makes the transaction secure and protects customer data from hackers. If someone is looking to breach the network, the token by itself is useless because the original information cannot be retrieved with just a token.

What a token looks like:

Here’s an example of a token generated for a customer’s PAN:
Card no.: 5643 7834 9876 0011
Token generated by Token Service Provider (TSP): 6s5f 8jjf er55 0jns

SCH-tokenisation-services

How tokenization works: Transaction flow of a purchase

  • The customer enters payment information and clicks ‘PAY’ on the merchant website.
  • This information is sent to SafeCharge, who then generates a token for the customer’s PAN and sends it to the merchant. The card information is stored securely in the SafeCharge token vault. The merchant can use the token for subsequent payments from that customer.
  • The card scheme also enables tokenization for the exchange of information between the acquirer, in this case SafeCharge and the issuer.

In this process, since the PAN is not stored on the merchant network, but in the SafeCharge token vault, the chances of fraud drop significantly – hacking the token alone in not making it possible to retrieve the PAN information.

Returning customers and Recurring payments

Businesses spend a lot of efforts to build a loyal customer base. Giving a great user experience is important, especially for a returning customer. With tokenization, merchants need to only store the token that represents a customer’s card information. This means that the next time the customer purchases something, the payment information is pre-filled. And the transaction is completed with a one-click payment. From the customer’s perspective, this is a seamless user experience and for business, this means increased conversions.

To set up recurring payments, customer payment information needs to be stored. If it is stored on the merchant’s side, requirements to comply with PCI rules are increased significantly. By partnering with a payments provider who also does tokenization will remove this overhead, because the customer payment information is then stored only by the token service provider (in our case SafeCharge)

Consider a customer subscribing to a mobile & data plan from a service provider. Every month the customer needs to pay €30 for the service.

  • The first time the customer makes the payment, the merchant sends the card information to SafeCharge (the token service provider.)
  • SafeCharge will tokenize the card data and send a token back to the merchant.
  • The merchant stores this token to represent the customer’s card, i.e. it is the “card-on-file” which can be used to debit the customer’s payment the following billing cycle.

Why Tokenization is important: Benefits for merchants & customers

  1. Enhanced security: Tokenization offers a higher degree of security since the customer’s actual account/card information is not stored in the merchant’s network. Anyone trying to commit fraud will not be able to access the tokens stored in the payment provider’s secure token vault.
  2. More conversions: Since customer card details can be saved securely, repeat transactions are seamless, such as in the case of subscriptions.
  3. Reduced operating costs: So, how does tokenization reduce PCI scope? Since the task of storing secure customer information now lies with SafeCharge, the merchant’s overhead of implementing complex security solutions is eliminated. And without this added burden, merchants can focus completely on their core business.

With tokenization, you can ensure a seamless shopping experience for your customers and simplify your compliance scope. Find out how we can help you with integrating this into your payments environment.

SafeCharge Limited is an Electronic Money Institution authorised and regulated by the Central Bank of Cyprus and is a principal member of MasterCard, Visa and Unionpay International (CUP). SafeCharge Financial Services Limited is authorised and regulated by the Financial Conduct Authority as a Payment Institution. Both SafeCharge companies are wholly owned by SafeCharge International Group Limited.