Guides

Tokenization: Guide to card and payment tokenization

Discover how card tokenization can reduce fraud and streamline your payment processing.

8 September, 2023

· 7 minutes

Topics

Guides Manage risk Understand payments Make compliance easy Optimise payments Omnichannel experiences

Tokenization is the process of replacing sensitive data with non-sensitive data. For payments, this means safeguarding a card’s PAN by replacing it with a unique, non-identifiable number.

How does tokenization work

A payment token is a unique string of numbers, which acts as a secure identifier, generated from the card PAN. Payment tokens are issued in real-time and are used online in specific domains and/or payment environments, i.e only ecommerce, only for specific merchant(s) etc.

Tokenized payments are payments where the PAN is substituted by a token while processing the transaction. This means the PAN is not transmitted during the transaction, making the payment much more secure. Since the PAN is never compromised, it's almost impossible for the token can be used fraudulently. Even if a data breach occurs and payment tokens are accessed, the tokens cannot be used elsewhere.

Tokenization is a process of replacing sensitive data with non-sensitive ones. It safeguards a card’s primary account number (PAN) by replacing it with a unique string of numbers called tokens.

A payment service provider automatically generates payment tokens from the PAN, in real-time. These tokens can then be used online in predefined domains and payment environments, like for ecommerce transactions only or for a specific merchant, to make tokenized payments.

Tokenized payments are payments in which a token substitutes the PAN. Since the PAN isn’t transmitted during the transaction, there's very little possibility that the token can be used for fraudulent activity, even if a data breach occurs and payment tokens are accessed. This is the key strength of tokenization as a security measure.

Tokenization at Adyen involves securely storing customer card data and generating a token that can be used by the merchant to charge subsequent purchases, as shown in the diagram above.

Other Token Service Providers (TSPs) generate their own tokens. This is the case for the major card schemes and digital wallets.

As an acquirer, Adyen can accept tokenized payments for online and/or contactless payment methods, i.e Apple Pay, which uses payment tokens for online and (contactless) in-store transactions.

Tokenization is a great option for subscription- based business models, or businesses which generate significant business with repeat customers. As tokens can be stored securely, and used to enable “one-click” payments for future transactions, tokenization acts as a great way to streamline the shopper flow at the checkout stage.

There are a whole host of benefits which tokenization brings for merchants.

Cost savings: Adyen Tokenization takes on the burden of managing cardholder data, storing it in a secured way. This results in reduced costs of meeting and monitoring Payment Card Industry (PCI) compliance.

Increased security: Fraudsters will be unable to use tokenized data, even if they do manage to steal it, as they won't be able to link payment information to the token.

Enabling one-click (or even “0-click”) payments for shoppers: Tokenization enables merchants to offer customers the option to save their payment details, securely. This means they won't have to re-enter payment details, next time they make a purchase. These one-click payments can significantly increase conversion at the checkout page by streamlining the payment process.

A more advanced version of tokenization is network tokenization.

In payment tokenization, the payment service provider, like Adyen, stores the customer’s card details, like the PAN, and generates tokens that merchants can use for payment transactions.

In network tokenization, the card networks like Mastercard, Visa, and American Express, are the ones to store the PAN and generate the tokens. Because the schemes maintain the end-to-end tokenization process, network tokens are always up-to-date even if the card details expire.