Tokenization of cards plays a fundamental role in security technology. It can be considered a necessity when it comes to digital payments. The technology provides a safer digital payment experience once it replaces the card number with a token – an alternative number.
The token is associated with a card, platform or device, from wallet payments such as ApplePay to online e-commerce purchases, such as Netflix. In this way, it is possible to verify the origin of a token and restrict its use to a device or electronic commerce.
Would you like to better understand how tokenization contributes to the world of digital payment security? Then check out the content below!
What is a token, after all?
A payment token is a unique value that represents a credit card number or PAN. Payment tokens are issued automatically in real time and used during a payment. Examples may include e-commerce only, a specific shop, and many others. Industry providers – such as credit card brands and payment gateways – offer the service of replacing card numbers with tokens.
Tokens are then used to process payments just like a regular credit card. However, bank details or PAN are never exposed, making the transaction much more secure.
How does the NFC token work?
The NFC Token is a feature that mimics a contactless payment card. It is always associated with a device with NFC support, be it Android, iOS or even devices like Garmin and Fitbit. The NFC technology allows an application inside the smartphone to receive the commands sent by a payment terminal, interpret them and respond as if it were a contactless card. The terminal does not know that it is communicating with a mobile device, because the responses generated are identical to those on a card.
Behind the NFC digital wallets there is an infrastructure created by brands and banks that allows a physical card to be digitized inside the wallet. The digitization process securely creates the card’s credentials inside the digital wallet. With the card’s credentials, the NFC digital wallet is able to behave as if it were the card at the time of the payment.
Issuing banks have the ability to control tokens associated with their physical cards. This allows, for example, to block or remove a card from a digital wallet with a simple remote command!
How Tokens are used
Mobile devices are increasingly used to make online purchases, and consumers demand a digital shopping experience that is safe and fast. Check out the main uses of the Token.
Use of Tokens in stores
The NFC Token allows for a flexible, contactless and innovative way of shopping in stores. For the payment to be secure, NFC token technology replaces the 16 card numbers for a single digital token. At the end of the purchase, a simple NFC signal is emitted from the device close to the card machine, which enables the transaction to be made quickly, safely and contactless.
Issuers can implement the NFC Token in a number of ways. The first is through digital wallets, which allow the digitization of debit and credit cards. The second option for making a face-to-face contactless payment is through wearable devices such as smartwatches, in which the payment is done safely and conveniently only by approaching the card machine with the wrist.
Use of Tokens in e-commerce and apps
With the constant increase in purchases made via e-commerce, the number of fraud attempts and access to sensitive customer information has also increased. This fact has made e-commerce companies invest even more in data storage security and fast and secure checkouts.
Applications and e-commerce companies store customer data to facilitate recurring, automatic and subscription service payments, increasing customer loyalty rates and delivering a unique shopping experience.
Tokenization of cards – What are the main benefits?
– Unique and safe shopping experience;
– Technological innovation and easy digital purchases;
– Commercial transactions less centered on money;
– Greater security of card data;
– Increased reliability in transactions with tokens;
– The Digital First concept encourages the registration of cards in digital wallets, allowing customers to make payments instantly;
– Recurring payments – if the card is lost or stolen, the payment information can be updated automatically.
Token life cycle – Tokenization of cards
In a digital wallet, tokens are associated with a credit card number or PAN. A single card can have different tokens associated with it. However, each token is unique and specific to a specific sales channel. The status of each token on a given card is also independent. One of the main functions of the Token Service Provider (TSP) is to control the life cycle of the token, which has 4 different status.
A token can be “active” or “inactive”, and among these status, it can be classified as “requested”, “suspended” or “ended”. Understand each one of them:
Requested: it is the initial state of a token on a digital wallet, which has already been created but it is not yet available and not yet functional.
Active: when the token is available and can already be used
Suspended: the token is temporarily suspended by the issuer, consumer or cardholder.
Ended: the token is permanently disabled and can no longer be used.
How does payment tokenization work?
Customer: completes a registration or makes a purchase.
Retailers: requests that a token be generated.
Entity Requesting Token (TR-TSP): submits a Token Request.
Token Service Provider (TSP): Requests approval from the issuer.
Issuer: approves generation of token.
TSP ** Token Service Provider: generates the token.
Entity Requesting Token (TR-TSP * Token Request – Token Service Provider): provides information on the token.
Retailer: receives the requested token.
Tokenization, Compliance with PCI and Encryption
How does tokenization work with regards to compliance with PCI ?
Since tokenization is able to replace sensitive card data, it can be used by third parties to meet PCI compliance requirements within the payment ecosystem. While tokenization does not guarantee compliance with PCI, it can help to reduce the required scope of operations, particularly for merchants that handle sensitive cardholder data. The retailer’s payment device or the processor used by the person acquiring the product will generally store sensitive data in a digital vault and provide the retailer with tokens. In network tokenization, the card network issues the token. Network tokenization can also be used to help merchants meet PCI requirements.
How does tokenization differ from encryption?
Both tokenization and encryption are methods used to increase the level of security associated with sensitive data. Tokenization replaces sensitive data with new additional data — the token — and only the party that created the token is able to map out the token and discover the original data. Encryption, on the other hand, transforms or disguises data using an algorithm. Encrypted data can be decrypted by any party that holds the encryption key in order to obtain the original data.
Click to Pay – Recent developments in network tokenization
In recent years, retailers and card networks and issuers have become increasingly aware of the benefits offered by the use of network tokenization across the payment ecosystem.
A new payment method based on network tokenization is Secure Remote Commerce (SRC and the brand Click to Pay available to consumers) and was recently introduced by major card networks. Secure Remote Commerce provides cardholders with a guest checkout experience on retail sites that are similar to the “buy now” buttons that allow cardholders to store their payment details using tokenization.
What are the benefits of using Click to Pay solutions?
Transactions are performed instantaneously
Delay-free online shopping experience. Customers do not need to repeatedly enter their card, billing, and shipping information.
Increased convenience during purchases
Simple, fast and secure mobile shopping. Offers an ecommerce or mobile payment experience that is similar to the physical equivalent.
Reduction in costs
Click to Pay offers savings in terms of resources and costs. Furthermore, certification is not required for each banner.
Tokenization of cards – Solutions
The digital transformation has changed the way companies interact with their customers, and smartphones are helping to address these interactions that are constantly changing. Tokenization technology allows a number of benefits and facilities:
White Label Digital Wallet – HST Pay
HST’s complete payment platform that allows financial institutions, card issuers and brands to obtain their digital wallet, with all modules related to tokenization, such as user management, payments, cards and reports.
Push Provisioning is a card and token management platform, which allows centralized management for issuers that allows the management and digitization of the card on any platform, whether in digital wallets, mobile devices, watches or even in recurring shopping websites, such as streaming subscriptions.
EMV QR Code
Looking for a simple, economical and convenient alternative to digital payments? The QR Code allows customers to pay by reading a code through their cell phone camera, facilitating payment, reducing queues at the POS and bringing an innovative form of digital payment.
The wearable payment technology is the most convenient way to make payments. Through their devices, consumers can make contactless payments quickly, thus eliminating the need to carry wallets or other devices.
The process of collecting and storing credentials for future transactions is known as CoF (card-on-file). With the tokenization of card-on-file payments, shops store their customers’ tokens instead of physical card data, making the purchase process much more secure.
Want to know more? Understand how tokenization improves security and purchase convenience. Download E-book!