The payment ecosystem is dynamic and full of challenges for e-commerce players. In pursuit of business success, merchants strive for the perfect balance between providing a seamless shopping experience and the ultimate security for their customers’ card data. Is this balance even possible? The answer is nothing but yes, and here’s where network tokenisation comes into play.
In this article, we will dive into network tokenisation and discover why merchants increasingly consider it not as an add-on but a fundamental tool for boosting their businesses. Let’s go!
What is network tokenisation?
Tokenisation technology is not new to payments and those who interact with them. It’s a process when entered card details are replaced with a random string of numbers — a token that can be used for processing payments without exposing sensitive details. But what is network tokenisation?
Network tokenisation refers to a type of tokenisation when PANs (Primary Account Numbers identifying the card issuer and cardholder account) are replaced with unique tokens issued by major card networks — Visa, Mastercard, Discover, and others.
What prompted the world-known card networks to develop their tokenisation solutions? From the perspective of issuing banks, e-commerce payments are riskier and more vulnerable to fraud, so they are more likely to be declined. However, the ever-evolving e-commerce is more shaping the payment environment than adapting to it. To close the gap between merchants, issuing banks, and financial institutions, major card networks presented their own tokenisation services — Mastercard Digital Enablement Service (MDES) and Visa Token Service (VTS).
The difference between third-party tokenisation and network tokenisation
Let’s say you’re a merchant that provides subscription-based services. Here’s what regular third-party tokenisation will do to your customers’ payments.
- The customer enters their sensitive card details on your checkout page. By sending them, they put this data at your disposal for further regular payments.
- Unencrypted payment information is redirected to the third-party PSP you partner with. The system creates a unique token assigned to the customer’s payment profile. This token will be securely stored on the provider’s PCI DDS compliant server and used for further transactions. Thus, the customer will not need to reenter card information to pay for your service next time.
- Third-party tokens are only meaningful to you and your payment provider. The token becomes invalid as soon as the transaction gets to the card network or issuing bank.
- If the customer decides to reissue the card in another bank or it has expired, the token linked to it is no longer valid. Now you need to contact the customer to update the payment information in the system. Otherwise, you will not be able to receive new payments from them.
The network tokenisation scenario is quite similar to the third-party one, but a few significant differences are worth noting.
- Issued by card brands, network tokens are involved in every stage of transaction processing. There is no moment when the card data is not encrypted. On the contrary, third-party tokenisation requires you to collect raw card details, exposing them to a risk of interception.
- Only payment solutions certified and approved by card networks can use network tokenisation. Such solutions are called Token Requestors, which act as intermediaries for each payment, asking the card network for confirmation with every transaction.
- Network tokens are stored on the card networks’ servers and exist independently of the physical card. Even if the card expires or is reissued, the token remains the same. It means the customer doesn’t need to relink the card to your service.
Why do merchants need network tokenisation?
Network tokenisation has become widespread in e-commerce primarily because it satisfies the needs of merchants to create a seamless shopping experience with enhanced online transaction security. Let’s find out how this near-perfect balance is achieved.
Network tokenisation eliminates the need for sensitive cardholder data to enter the payment ecosystem, reducing the risk of that data being intercepted and used by fraudsters. Put simply, tokenised card data is useless if stolen. By providing end-to-end protection during the transaction lifecycle, network tokenisation allows merchants to mitigate payment risks in the most efficient manner.
Get comprehensive information on reducing payment risks from this article.
Fighting false declines
Expired cards, false declines, and delays are painful issues for e-commerce businesses, especially those that operate on a subscription basis. Since network tokens exist independently of the physical bank cards, merchants always have up-to-date data for all cards-on-file. If the customer’s card is expired or reissued, the card network automatically “informs” each merchant-specific network token about those changes.
Thus, network tokenisation gives merchants peace of mind by preventing declines due to card expiration, loss, or theft while improving the authorisation rates.
Smooth checkout experience
A frictionless shopping experience is a top priority for merchants who want to win customer loyalty. With network tokenisation, businesses no longer need to request CVV/CVC or other verifications that the customer may forget or enter incorrectly. Plus, the automatically updated network tokens eliminate the possibility of late or missed payments due to out-of-date card details. Thus, network tokenisation works mutually beneficial for merchants and their customers by ensuring fast, frictionless, and secure checkout.
Do you want to streamline the payment process and provide your customers with a superior user experience? Corefy’s robust security solutions give merchants tremendous flexibility to create payment scenarios that best fit their business needs. See for yourself!