Article
From Chip & PIN to AI agents: Why the token is the hidden engine of commerce
What global enterprises need to know about building a future-proof tokenisation strategy that reduces costs, increases performance, and prepares for the age of agentic commerce.
Every major leap in payments has been born out of necessity. In the 1990s, the invention of the EMV(Europay, Mastercard, and Visa) Chip reshaped card security in response to rampant fraud. In the 2010s, the rise of ecommerce and large-scale data breaches pushed the industry toward digital tokens.
Today, as enterprises increasingly choose a multi-psp setup, they face the challenge of managing multiple providers who all need access to sensitive payments data. And tomorrow, the rise of AI agents will demand yet another leap. For the modern global enterprise, commerce is no longer linear. It is a web of channels, regions, and providers, each with its own opportunities and challenges.
Delivering a seamless customer experience globally means enterprises must build a payments infrastructure that is resilient, flexible, and optimised for performance. For many, especially those expanding geographically, this leads to the consideration of a multi-provider strategy, leveraging a combination of payment partners to ensure global reach and mitigate risk.
As this vision has evolved, a new ecosystem of third party vaults has emerged, offering provider-agnostic security solutions while building out table-stakes vaulting capabilities such as Account Updater and network tokenisation. Forward proxy endpoints embedded in these solutions unlock multi-provider strategies in this architecture, ensuring limited PCI scope without having to replicate vaults across every provider.
Yet not all solutions are equal. Third-party vaults may store data but often cannot optimise performance or integrate transaction results into their core platform. This adds cost and complexity without delivering strategic value.
Backed by trillions of dollars in payment data from top global brands, Adyen’s Tokenise solution safeguards sensitive data while leveraging scale to reduce costs and provide actionable insights that help enterprises optimise and grow.
The era of fragmented credential management is ending. The universal token vault -secure, bank-grade, and provider-agnostic - provides the foundation for mastering global commerce today and into the future.
Just as EMV Chips secured the physical world and tokens secured the digital world, the token vault is now the foundation that will allow enterprises to thrive in the emerging era of agentic commerce where AI agents transact autonomously on behalf of consumers. The choices merchants make today will define their readiness for this new frontier.
Chapter 1: When necessity drives innovation: Building trust in payments today
Payments have always been a step ahead of fraud. Each innovation solves one problem while creating the next. For merchants, these shifts aren’t just technical, they shape trust, operations, and growth.
1.1 The rise of the EMV Chip
For decades, face-to-face commerce relied on insecure magnetic stripes, leaving counterfeit fraud rampant. The industry responded with EMV - introducing the chip in 1996. Unlike static card data, the chip generates a unique cryptogram for every transaction, making physical card cloning virtually impossible. The impact was immediate. Markets adopting EMV cards saw card-present fraud plummet. But as history would show, solving one vulnerability often exposes another, a lesson enterprises continue to grapple with today.
1.2 Card-Not-Present (CNP) fraud emerges
EMV chips shifted fraud online.
This rise of CNP fraud immediately after the introduction of EMV chips highlighted a critical insight - security innovations must anticipate the next challenge.
While a chip could secure a card in a terminal, it offered no protection for online transactions where a static card number was all that was required. The explosion of ecommerce fraud after chip cards were fully deployed created the imperative for the next great evolution in payment security - the token.
1.3 Securing digital payments
The early 2010s saw a surge in ecommerce fraud and high-profile data breaches such as the Target breach in 2013 and the Home Depot breach in 2014, which exposed millions of customer credit and debit card records, highlighting how even large, sophisticated businesses were vulnerable. For merchants, this meant secure, intelligent payment infrastructure was no longer just a compliance requirement, but a critical strategic imperative.
One of the answers to the rising CNP fraud challenge was payment tokenisation. First released publicly in 2014 as part of EMVCo's first technical release, the process was designed to protect sensitive data by replacing it with a non-sensitive equivalent, a "token." In payments, the most common use case is to replace a customer's Primary Account Number (PAN) with a unique, algorithmically generated string of numbers that has no mathematical relationship to the original.
This token can be passed securely through networks to process a payment, but the actual card details are not exposed to merchant or customer-facing systems. This innovation not only provided a powerful defence against data breaches but also dramatically reduced the scope and cost of PCI DSS compliance for merchants.
1.4 Hosted tokens vs. network tokens
As tokenisation matured, two distinct types of tokens emerged, each with critical strategic implications for enterprise businesses.
Hosted tokens are tokens that are typically valid only within a single domain, requiring specific access and decryption methodologies to access. While useful for enabling card-on-file functionality and reducing PCI scope, their lack of portability can often introduce complexity for merchants with multiple payment providers who require the full payment details in order to interact with typical payment networks such as Visa and Mastercard. It’s important to note that in the merchant scenario, hosted token solutions can be built in-house (walled PCI area of their architecture) or externalised to a 3rd party (commonly payment providers or 3rd party vaults).
Network tokens, by contrast, are created and managed by the card networks themselves. These tokens are interoperable and can be processed by any acquirer. They offer superior performance, benefiting from automatic lifecycle management – such as updating when a card expires – which leads to significantly higher authorisation rates. Digital wallets (e.g. Apple Pay) are a common example of how network tokens are used to share payment data securely between consumers, merchants, card networks and banks in order to facilitate a transaction.
The progression from physical chips to digital tokens illustrates that the most effective security solutions provide a flexible foundation for the future. As enterprises now grapple with the complexities of a multi-provider world, the strategic importance of a robust, flexible, and high-performing token infrastructure is central to maintaining trust, optimising performance, and staying competitive.
Chapter 2: The token vault: From compliance tool to Merchant Command Center
Tokens solved the problem of securing digital payments. But for global enterprises, the bigger challenge soon became managing them, across multiple providers, regions, and channels. The token vault emerged as the command centre for this new era, shifting tokenisation from a compliance exercise to a strategic enabler of flexibility, performance, and growth.
2.1 The enterprise dilemma: Flexibility vs. reliability
For enterprises that do require a multi-provider strategy, the path has been fraught with compromise. Until now, merchants have been forced to choose between imperfect solutions. Below are examples of common “fence-straddling” questions that are debated by merchants when evaluating their long-term vaulting strategy:
How much build/maintain effort is needed to stay compliant with PCI standards?
How much financial risk is my business willing to take on if a data breach occurs?
How stable is the business that is storing my most sensitive data?
How much additional cost will I incur per transaction?
Can I send transactions to a 3rd party and avoid vendor lock-in?
How much will I benefit from other merchant data stored in the vault (the consortium effect)?
How agnostic really is my vault? Do they have deals with certain providers that will cause them to act in their best interest ahead of mine?
Until recently, merchants had to compromise between flexibility and reliability, with no clear way to achieve both.
The below visual highlights areas where each strategy has pros and cons:
2.2 Payments as a control centre
A wave of third-party vault providers promised provider-agnostic security. While effective at storing credentials, most added cost and complexity without delivering performance insights or integration with transaction outcomes. In short, they solved for compliance, but not for growth.
At Adyen we have built a solution that provides the flexibility and insights merchants desire, but from within a secure, regulated, bank-grade financial technology platform.
Today, Adyen’s Tokenise solution operates at one of the largest scales in the industry — managing over 7.6 billion active tokens across the globe as of October 2025. Combined with automated recovery tools delivering over 2.6% recovery rate on average, Adyen’s vaulting solutions turn what was once a simple compliance layer into a performance engine for enterprise growth.
This is the result of listening to our merchants' need for a solution that offers strategic control without the risks of a startup or the misaligned incentives of a traditional orchestrator.
2.3 Why the universal token vault matters for the future of commerce
The same vault infrastructure that gives merchants flexibility and ownership now is the prerequisite for tomorrow’s agentic commerce. Just as EMV Chips laid the foundation for secure card-present transactions, and tokens secured the digital world, the universal vault is what will allow merchants to thrive when AI agents transact on their customers’ behalf.
Chapter 3: Preparing for agentic commerce
If EMV Chips secured the physical world, and tokens secured the digital world, then the token vault is what will prepare merchants for the agent-driven world. The architectural choices enterprises make today are not just about solving current challenges, they are about future readiness in an economy where AI agents transact on behalf of consumers.
3.1 Data ownership and strategic control
In an agentic economy, ownership of payment credentials becomes existential. Merchants who rely on fragmented or provider-biased vaults risk ceding control of customer data and loyalty. A universal token vault ensures that enterprises retain ownership, portability, and independence, transforming payments from a cost centre into a strategic asset that can be optimised for performance, cost, and resilience, placing the merchant firmly in the driver's seat.
3.2 The agentic paradox: New opportunities, new risks
The emergence of AI-driven commerce presents merchants with a stark paradox. On the one hand, it represents a powerful new channel capable of delivering highly qualified, high-intent customers. On the other hand, it poses an existential threat to the traditional merchant-customer relationship and introduces a host of new risks. Conversations with dozens of enterprise merchants reveal deep-seated anxieties about disintermediation, fraud, and a loss of payment flexibility.
The central conflict is clear: the agent's greatest strength for the consumer (simplifying the task of browsing many merchants) is its greatest threat to the merchant (becoming a "commodity API"). A sustainable future for autonomous commerce is one where personalisation, loyalty, and differentiation still exist, just through a new medium.
3.3 The universal token for a trusted, connected future
The solution to this paradox is the universal token, which directly addresses anxieties about agentic commerce.
Persistent identity: Tokens provide a stable customer identifier, ensuring merchants can still recognise and reward returning customers, even when agents initiate the transaction.
Verifiable mandates: Tokens can bind a user’s identity to a purchase, creating a secure audit trail that mitigates fraud and clarifies liability.
Payment flexibility: A universal token can represent any payment method, such as a card, bank account, or e-wallet, ensuring merchants are not locked into a single rail as commerce evolves.
3.4 Shaping the future of commerce, one token at a time
Just as EMV Chip adoption defined card-present security, and tokenisation reshaped digital payments, the universal token vault will determine who thrives in the age of agentic commerce. Enterprises that invest now in flexible, secure, and provider-agnostic infrastructure will not just adapt to the future, they will help shape it.
Conclusion: Preparing for the age of autonomous commerce
The evolution of commerce has been a relentless march toward greater convenience and security. We are now at the threshold of the next great leap: the autonomous, agent-driven economy.
This future, while promising, is fraught with legitimate challenges. The solution is the continued evolution of the token. Its journey from a simple security feature to a strategic asset for enterprises has prepared it for its ultimate role as the indispensable trust layer for autonomous commerce.
For merchants, the message is clear: the choices you make now about tokenisation are not just about compliance or cost. They are about ownership, resilience, and future readiness.
The universal token transforms payments from a tactical necessity into a strategic asset. It gives enterprises the control and flexibility they need in today’s complex ecosystem, while establishing the trust framework required for AI-driven, agentic commerce.
Just as past innovations defined eras of commerce, so too will this one. The enterprises that act now to build on the quiet power of the token will not only keep pace with change, they will shape the future of global commerce itself.