Thomas van Til
Head of Growth
Security is a top priority for e-commerce merchants, and new technologies are constantly being developed to combat fraud and ensure payment security. Network tokens, introduced by Visa, Mastercard, and AMEX, are one such development. With this technology being introduced in the European market in 2021, it is crucial to understand what network tokens are and how they function. While solving security challenges, network tokens also help businesses create seamless payments experiences that are making a material difference to conversion and revenue.
Before we dive into network tokens, we should explain the concept of tokenization. Tokenization is the process of replacing sensitive data, such as credit card details, with a unique string of numbers, known as a payment token. This technique is commonly used in the payments industry to secure cardholders' primary account numbers (PANs) and reduce the risk of fraud. These PANs are the 15- or 16 digits present on a credit or debit card. The concept of using a token to safeguard something of value is nothing new: think of chips in a casino or tokens in an arcade - payment tokens follow the same principle.
The tokenized payment flow involves generating and securely storing the payment token and using it for subsequent transactions. Payment Service Providers generate their own tokens and accept tokenized payments for online and contactless transactions. Tokenization allows for one click payments, helps merchants comply with PCI DSS requirements - as they do not need to store the card data - and reduces the risk of data breaches while offering a more secure and seamless checkout experience for customers.
Network tokens move the tokenization from the Payment Provider to the card schemes. When a customer makes a purchase for the first time with a Merchant, their card details are sent to Scheme Token Service through the payment page hosted by the Payment Provider. When the issuer approves the transaction, the Scheme Token Service replaces the card data with a unique token. This generated token can be used for repeated purchases with the Merchant, eliminating the need for the customer to re-enter their card number. In the picture below you can see how repeated transactions can be initiated with the use of network tokens (the blue arrows).
Token Service Providers are entities that enable merchants to generate and use network tokens. Token service providers register a Token Requestor ID identifying each merchant. The Token Requestor ID serves as a way to limit the usage of tokens to the domain of the Merchant, which provides an advantage over tokenization done by PSPs in terms of security. When a customer makes a repeated purchase, the Token Service Provider sends the network token tied to that customer to process the payment, as described above. Transactions initiated by customers require the use of a cryptogram in addition to the network token. Cryptograms are a secure element created uniquely per-transaction with the role to reduce fraud. Token service providers play a critical role in the scheme token ecosystem, as they ensure that merchants can accept tokens from a variety of issuers and payment networks.
Network tokens are used in a variety of payment scenarios, including in-store, online, and in-app transactions. In each case, the customer's actual card data is replaced by a unique token generated by the Scheme’s Token Service Provider - a product from the schemes. In the picture above you can see the payment flow for a n initial transaction that generates a network token.
There are two use cases to highlight here: repeated customer initiated transactions and a merchant initiated recurring transactions.
When the customer makes a purchase, the merchant requests the Token Service provider to obtain a new cryptogram from the Scheme Token Service by providing a network token. The PSP forwards the token to the payment network for processing. The payment network then sends an authorization request where the network token and cryptogram are included alongside the transaction details for authorization. The issuer verifies the token and either approves or declines the transaction. For subsequent transactions the customer does not have to fill in their credit card details. The PSP on behalf of the merchant carries out the process of obtaining new cryptograms in order to initiate transactions.
With recurring transactions, only the initial transaction makes use of the cryptogram together with the network token. After the initial authorization by the issuer there is no need for receiving additional cryptograms for subsequent recurring or unscheduled transactions initiated by the merchant. The recurring transactions are verified based on the initial transaction data and network token of the customer.
Now that we’ve covered how network tokens work, let’s take a closer look at why e-commerce merchants should take an interest in them. By keeping sensitive payment information out of the merchant's hands and replacing it with a token, network tokens eliminate the need for merchants to store and protect this data.
The main benefits of network tokens for merchants can be summarized as:
In conclusion, network tokens offer several benefits over traditional tokenization by payment service providers. One of the most significant advantages is that they enable lower costs and higher authorization rates. Additionally, network tokens offer better cardholder authentication, making them a more secure and efficient payment processing option. Finally, network tokens, when owned by the merchant, avoid the risk of being locked in by your Payment Service Provider and offer the opportunity to route your payments however you want.
Therefore, if you're an e-commerce merchant looking for a more secure, efficient, and compliant payment processing option, network tokens are a must-have if you care about conversion and revenue optimization. Contact your payment service provider today to learn more about this technology, and whether you own your network tokens and can use them for other parties you route payments through.