For online businesses managing payments at Ecommerce check-out means dealing with credit and debit card information and the need to store that information securely for future purchases. Storing sensitive card data is an extremely delicate task that is regulated and controlled by the PCI DSS regulations. That’s why many companies rely on outside players for vaulting card information, avoiding the need to incur into expensive certifications, while being able to focus on their core business. Payment tokenization is one of most common ways to solve this problem and to make the most of an efficient payment processing infrastructure while keeping costs down and optimising authorisation rates and performance. But let’s start from the beginning.
We hear the word more and more in the world of digital payments: tokenization is in fact now commonly used by most internet retailers because of the many advantages that it brings to both companies and other players involved in managing the transactions. We can see this from the significant expansion of this market, that is projected to grow from $2.81 billion in 2023 to $9.82 billion by 2030 with a CAGR of 19.6%.¹
When we talk about card tokenization in the payments landscape, we refer to a service where customer’s card data is vaulted (aka safely stored) and replaced with a token, which is a string of numbers and letters that is associated with the customer’s card and is only relevant to the specific company, without any value itself if accessed by anyone else. This allows businesses to process transactions without the need to store customer’s data - which comes with its problems and responsibilities, not to mention the need for a PCI DSS certification. This way every transaction from the same card refers to the same token, without the need to enter the data again and with increased security for the customer and company.
However, there are two types of tokens: payment service provider (or proprietary security tokens) and network tokens. Let’s look at the difference together:
The first ones are tokens issued by the service provider (PSP). They have all the advantages of tokens and give the company the flexibility to allow for recurring payments without the need to store sensitive card information and delegating the privacy issues to an outside partner. However, the disadvantage is that these tokens only work with the specific payment provider and are not “universal”. In fact, in the case of the business switching payment provider, the card information needs to be extracted and passed on to the next provider which may take time and slow down the process, reducing efficiency.
If a business is adopting a multi-processor strategy, it is necessary to use tokens that can be shared and utilised across different providers.
This is possible with network tokens. These tokens are issued by the main circuits, like VISA or Mastercard, and can be used across different payment providers. Moreover, they have other advantages like the fact that if a card expires or is lost and substituted for a new one, the card information is automatically updated and the token will refer to the new card. This means that recurring customers with subscriptions do not need to enter their new card data and the payment will go through automatically.
While this is also important for single purchases, when we are dealing with recurring payments and subscription businesses, data tokenization plays a vital role in making sure that the payment goes through successfully each time and that the sensitive data is kept secure through the subscription time. For subscription-based business models, network tokenization is something that should be considered in order to optimize payment processing.
Moreover, the fact that network tokens are used by all players involved in the payment process allows for a greater level of security for the transaction. In a digital world where online fraud and cybercrime are a rising and real threat and where Ecommerce fraud costs the industry $21 billion per year², network tokenization offers increased security throughout the whole payment process.
Therefore, we can summarise the main benefits of adopting network tokenization for Ecommerce transactions as:
Relying on tokenization with a single PSP, can become a problem the moment a company decides to switch to a different service provider or to add a new one for a different geographical region. In this case, as mentioned before in this article, the sensitive card data that is vaulted with the PSP needs to be transferred to the new PSP and this can be a long and sometime difficult process. In fact, tokens by themselves have no value if used with different processors. However, the tokenization service of a payment orchestrator is agnostic, which means already independent from single PSPs and it allows businesses to use the same tokens with different providers. This provides flexibility, efficiency and a reduced time to market for Ecommerce.
This is even more relevant for businesses that operate across different countries and continents, which offer different payment methods and need to work with varied PSPs: these will benefit from a payment orchestration platform as explained in our insight on the topic. Relying on network tokens allows businesses to quickly implement new PSPs and integrate new payment methods and new geographical regions.
In conclusion, network tokenization is growing exponentially in the Ecommerce payment world because of the advantages that it brings to merchants both in terms of efficiency and security. It can be a great asset for Ecommerce businesses to increase acceptance rates, reduce time to market and expand to new geographical regions, while ensuring a high level of security for both companies and customers. If you are interested in deepening your knowledge of payment orchestration and tokens, you can download our whitepaper for free.
Tokenization Market Size | Fortune Business Insights, 2023
Riskified, 2020.