Today, network tokenization is crucial for businesses that accept card payments, whether online or in person. As a vital part of eCommerce fraud prevention, merchants must understand how these tokens work and simplify recurring payment processes while enhancing transaction security.
Tokenization has safeguarded digital payments since the mid-1990s, starting with the rise of online shopping. Early solutions replaced account numbers and other sensitive information with payment tokens, adding an extra security layer to secure payment pages. By the 2000s, merchants needed to simplify payments by connecting directly with their payment service providers, giving them more control over their customers’ payment experiences.Then, in 2014, modern network tokenization emerged, first used by digital wallet solutions to reduce the risk of data breaches. Card networks issued tokens to protect sensitive data for the first time, introducing global interoperability and dynamic security to help merchants stay ahead of emerging threats.
What is network tokenization?
Network tokens replace sensitive payment and card information throughout the transaction process. These digital payment tokens, unique and generated by card networks like Visa and Mastercard, serve as a secure proxy for sensitive data. They replace primary account numbers (PANs) and other sensitive details rather than being managed by merchants or their payment service providers (PSP).
Though often used interchangeably, network tokens and payment tokens serve different purposes. Network tokens are issued by card networks and are widely recognized across the entire payment ecosystem. In contrast, payment tokens encompass any tokens utilized in digital payments. There are several types of tokenization techniques, like payment gateway tokenization, PAN tokenization and PCI tokenization. That means network tokens are a type of payment token, but not every payment token is a network token.
Several key features define network tokens:
- They are created by card networks, not by merchants or payment processors.
- Each token is unique and linked to a specific customer and account number, making it useless if intercepted.
- Tokens are generated when customers start a transaction.
Network tokens can be used across channels and devices, providing more versatility than other payment tokenization methods. Unlike merchant or payment gateway tokens, network tokens are widely recognized across the payments ecosystem because they come directly from the card networks. A cryptogram – a security code – is typically included in each token transaction to authenticate the transaction. This means that if someone intercepts the token, it’s useless without the cryptogram, adding an additional layer of security to the payment process.
How does tokenization work?
All network tokenization processing occurs behind the scenes to facilitate frictionless payments for customers and enhanced transaction security for merchants. Tokenization begins when a customer initiates a transaction. Once they provide their payment details, information is sent to their card issuer, which generates a network token that is then shared with both the customer’s bank and the merchant’s PSP. Since the merchant can store this information to streamline and protect future transactions, network tokenization is sometimes called card-on-file tokenization.
Network Tokenization, Step by Step
Step 1; The customer enters their card details into the merchant’s system
Step 2; The merchant sends the request to the card network and requests a network token
Step 3; The card network works with the customer’s bank to approve or deny the request
Step 4; If approved, the card network generates a token and shares it with the merchant’s gateway
Step 5; The merchant stores the network token for future use
For example, if Jess saves her Discover card information in her account on an e-commerce site, the site can request a network token instead of the PAN. The next time Jess makes a purchase, the merchant submits the token and Discover maps it to Jess’ actual account information to complete the transaction.
No comments:
Post a Comment