The payment industry is evolving rapidly, and new technologies enable new ways to enhance customer experience and improve transaction security.
One such technology is tokenization, which is a fraud-prevention measure designed to protect sensitive payment credentials, such as credit card numbers, cardholder names, expiration dates, and bank account numbers.
The tokenization feature is a safe way to accept payments online, whether you offer one-time payments or subscriptions.
Table of Contents
What is Tokenization?
Tokenization is a process of replacing sensitive payment credentials with a unique identifier called a token. It is a fraud-prevention measure designed to protect sensitive payment data, such as:
- Credit card numbers
- Cardholder names
- Expiration dates
- Bank account numbers
In payment card tokenization, the customer’s primary account number (PAN) is replaced with an algorithmically generated number called a payment token. Payment tokens are issued in real-time via a gateway as a part of a charge operation processing.
They can be used in future payments to represent a payment card in transaction processing without exposing the actual payment card details. The current primary account number is held safe in the secure token vault.
Using payment tokens protects digital payments from criminal attempts like payment fraud, cyberattacks, or data breaches.
How Tokenization Works with Solidgate
1) Collect payment details – A customer provides payment credentials (credit card, bank account details) through an online checkout process on the merchant side.
2) Send payment details to Solidgate vault – Payment credentials are sent to the Solidgate vault without ever hitting the merchant’s server.
3) Save payment details and create a payment token – Solidgate securely saves payment credentials and links them to a token generated by Solidgate’s tokenization service. The payment token is returned to the merchant.
4) Save a payment token – A merchant saves a token and uses it for future operations without saving payment credentials.
Tokenization Services from Visa and Mastercard
International payment systems have standardized tokenization technology. The Visa Token Service (VTS) and the Mastercard Digital Enablement Service (MDES) are two such services that replace sensitive account information with payment tokens.
Using these services to process online payments is essential in protecting user data, significantly increasing the security of payments, purchases, and transfers made on the Internet.
Visa Token Service
The Visa Token Service (VTS) is a security technology from Visa that replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier (a payment token).
Mastercard Digital Enablement Service
Mastercard Digital Enablement Service (MDES) is a data interchange platform for generating and managing secure digital payment tokens.
Solidgate as the VTS/MDES Service Provider
Using the VTS/MDES solution to process online payments is essential in protecting user data, significantly increasing the security of payments, purchases, and transfers made on the Internet.
A customer only needs to enter credit card details one-time in a personal account of the website or the merchant’s mobile application. It will then be tokenized in VTS/MDES vaults at the merchant’s request as soon as the issuing bank approves such a request.
Solidgate provides access to these services for its clients, and they don’t need extra effort to integrate with international payment systems tokenization services.
The Solidgate tokenization service gets a VTS/MDES payment token during a charge operation processing and stores it in its safe vault for future attempts to process clients’ payments.
Subscription and recurring payments of Solidgate merchants involved in VTS/MDES services will automatically be processed by VTS/MDES tokens through terminals belonging to the same websites and mobile apps where the first charge operations took place.
How is Tokenization Used in the Payment Industry?
Card on File. The first use case is when businesses have to keep a customer’s “card on file” for subscription billing and recurring payments. Solidgate’s tokenization service securely stores customer payment data and generates tokens the merchant can use to charge subsequent purchases.
One-click. The second use is when eCommerce sites or mobile applications offer frequent, returning customers “one-click” checkouts. Payment tokens provided by Solidgate’s tokenization service can be used for initiating “one-click” payments by merchants.
NFC. And the third use is within NFC mobile wallets like Apple Pay and Google Pay that use payment tokens both for online and (contactless) in-store transactions. And Solidgate as an acquirer is ready to accept and process contactless payment methods.
Tokenization vs. Encryption
Before describing the benefits of tokenization, let’s explore the differences between tokenization and encryption.
Encryption is a way of rearranging or altering data in a way that appears random. It requires using a cryptographic key or a set of mathematical values that both the sender and the recipient agree on.
While encrypted data typically appears random, the process of encryption works logically and predictably, allowing the receiver of the encrypted data to decrypt it back to its original value.
For maximum security, encryption should use keys that are complex enough to be difficult to decipher by guessing, for example.
As opposed to encryption, a security method that allows information to be deciphered with the adequate key, tokens cannot be decrypted outside the tokenization system as there’s no mathematical relationship with the original account number.
Because the token usually contains only the last four digits of the actual credit card for a specific transaction, hackers cannot access the cardholder’s whole account number.
Payment Tokenization Benefits
Safety. The primary advantage of tokenization is that it keeps payment data safe — both from internal and external threats. Because the gateway is the only party that can encrypt the token, this security measure effectively reduces consumer credit card fraud.
Because payment tokens are created through random algorithms, they cannot be reversed or linked back to any original payment data or personally sensitive data.
These randomly-generated token values are the most significant benefit for the cardholder, the merchant, and the issuer. For everyone involved in the payment process, tokenization creates a win-win-win scenario.
Efficiency. Merchants can invest fewer resources to make their payment infrastructure secure. Merchants’ systems become more PCI-compliant since they’re not storing as much financial data within their systems.
UX. In addition, VTS/MDES services can improve user experience and increase payment conversion (the number of successful payments). These solutions allow the display of current card designs in the client’s account on the website or a mobile application.
All merchants can also automatically get their customers’ card life cycle events (card reissuing, renewal, digital card art changing, etc.)
In conclusion, tokenization is a crucial technology that enhances payment security and improves the customer experience. By using payment tokens instead of sensitive payment credentials, merchants can reduce the risk of payment fraud, increase payment conversion, and lower PCI compliance costs.
Written by Andrii Vovk