Frictionless security: the unexplored potential of network tokenisation
Back to all
articles

Share this post:

Frictionless security: the unexplored potential of network tokenisation

Share this post:

articles

The payment ecosystem is dynamic and full of challenges for e-commerce players. In pursuit of business success, merchants strive for the perfect balance between providing a seamless customer experience and the ultimate security for their customers' card data. Is this balance even possible? The answer is nothing but yes, and here's where network tokenisation comes into play.

Let's dive into network tokenisation and discover why merchants consider it not as a new way to process card transactions but a fundamental tool for boosting their businesses.

What is network tokenisation?

If you interact with payment services, you have probably heard about tokenisation technology. It's a process when entered card details are replaced with a random string of numbers — a token that can be used for processing payments without exposing sensitive details. Essentially, network tokenisation only slightly differs from this concept.

Network tokenisation refers to a type of tokenisation when PANs (Primary Account Numbers identifying the card issuer and cardholder account) are replaced with unique tokens issued by major card networks — Visa, Mastercard, Discover, and others.

When you provide a merchant with your card details, this data is replaced by an unsensitive string — a network token, which is stored on a secure server and used by the merchant for repeat transactions. By using network tokens to process payments, e-commerce businesses eliminate the need for your primary card data to participate in the process. What's more, your sensitive PAN information won't even be stored anywhere. Each network token in a card-merchant pair is unique and can't be used across businesses.

Why use network tokenisation?

What prompted the world-known card networks to develop their network tokenisation solutions? From the perspective of issuing banks, e-commerce transactions are riskier and more vulnerable to fraud, so they are more likely to be declined. However, the ever-evolving e-commerce is more shaping the payment environment than adapting to it. To get rid of any barriers that may arise between merchants, issuing banks, and financial institutions, major card networks presented their own tokenisation services — Mastercard Digital Enablement Service (MDES) and Visa Token Service (VTS). This way, the payment network enables all participants in the payment flow to achieve the near-perfect balance between regulatory compliance, improved customer experience, and enhanced transaction security.

Third-party tokenisation vs. network tokenisation: what's the difference?

Let's say you're a merchant who provides subscription-based services. Here's what third-party tokenisation will do to your customers' payments.

  • The customer enters their sensitive card details on your checkout page. By sending them, they put this data at your disposal for further regular payments.
  • Unencrypted payment information is redirected to the third-party payment service provider you partner with. The system creates a unique token assigned to the customer's payment profile. This token will be securely stored on the provider's PCI DDS compliant server and used for further transactions. Thus, the customer will not need to reenter the card information to pay for your service next time.
  • Third-party tokens are only meaningful to you and your payment service provider. The token becomes invalid as soon as the transaction gets to the card network or issuing bank.
  • If the customer decides to reissue the card in another bank or it expires, the token linked to it will no longer be valid. Now you need to contact the customer to update the payment information in the system. Otherwise, you won't be able to receive new payments from them.

The network tokenisation scenario is quite similar to the third-party one, but a few significant differences are worth noting.

  • Issued by card brands, network tokens are involved in every stage of transaction processing. There is no moment when the card data is not encrypted. On the contrary, third-party tokenisation requires you to collect raw card details, exposing them to a risk of interception.
  • Only payment solutions certified and approved by card networks can use network tokenisation. Such solutions are called Token Requestors, which act as intermediaries for each payment, asking the card network for confirmation with every transaction.
  • With network tokenisation, tokens are stored on the card networks' servers and exist independently of the physical card. Even if the card expires or gets reissued, the network tokens are updated in real time. It means the customer doesn’t need to relink the card to your service.

Now it's time to learn how network tokenisation impacts your business goals.

network tokenisation infographics

What are the benefits of network tokenisation?

Network tokenisation is a win-win technology as all participants in the payment ecosystem can cash in on it. Now we'll describe the main benefits of network tokens.

Enhanced security

Network tokenisation eliminates the need for sensitive cardholder data to enter the payment ecosystem, reducing the risk of that data being intercepted and used by fraudsters. Put simply, tokenised card data is useless if stolen. By using network tokens, merchants can provide end-to-end protection throughout the transaction lifecycle and mitigate payment risks in the most efficient manner.

💡 MORE: How to reduce payment risks in 5 steps

Fighting false declines

Expired cards, false declines, and delays are painful issues for e-commerce businesses, especially those that operate on a subscription basis. Since network tokens exist independently of the physical bank cards, merchants always have up-to-date data for all cards-on-file. If the customer's card is expired or reissued, the card network automatically "informs" each merchant-specific network token about those changes.

Thus, network tokenisation gives merchants peace of mind by preventing declines due to card expiration, loss, or theft while improving payment sucess rates.

Smooth checkout experience

A flawless customer experience is a top priority for merchants. With network tokenisation, businesses running on a recurring billing model no longer need to request CVV/CVC or other verifications that the customer may forget or enter incorrectly. Plus, the automatically updated network tokens eliminate the possibility of late or missed payments due to out-of-date card details. Thus, network tokenisation is mutually beneficial for merchants and their customers by ensuring fast, frictionless, and secure checkout.

Final thoughts

It is still early days for network tokenisation in e-commerce, but many merchants are already reaping the benefits. Unlike regular PCI tokenisation, network tokenisation can offer much more than just basic transaction security. Reduced financial losses, less payment declines, and improved sales — this is exactly what business owners strive for.

Do you want to streamline the payment process and provide your customers with a superior user experience? Corefy's robust security solutions give merchants flexibility to create payment scenarios that best fit their business needs. See for yourself!

Share this post: