With network tokenization, the card network replaces the customer’s card details with a token. The merchant then has a unique token value that it can use for current and future transactions—but does not have access to, nor a responsibility to protect—the underlying account details. Because the network token is unique to the card network, merchant, and customer, it can be disabled by the card network at any time without causing the consumer the inconvenience of having to acquire a new physical card.
What is network tokenization?
Network tokenization is the latest evolution of tokenization and helps protect the most valuable data in payments—the Primary Account Number (PAN). These core details from a credit card are traditionally used to initiate and close a transaction through the card networks. The PAN consists of the card number, expiration date, and CVV; any merchant's most fundamental obligation is to protect this information.
However, even as they try to be good stewards,, the pace at which PAN details can change (based on lost cards or simply re-issuance based on the expiration date) can result in a complicated mixture of processes to stay current, which can drive painful lost revenue.
Instead of passing back the credit card number, expiration date, and CVV, network tokenization requires the merchant to pass a token representing the consumer’s account and its relationship to the merchant.
How network tokenization relates to other tokenization models
- PSP Tokens: Relatively easy to implement, especially for merchants working exclusively with full-service providers. However, these work only with the payment service provider that issued them.
- Network Tokens: These are highly specific to each customer, merchant, and card network, but they benefit from being theoretically portable between PSPs should a merchant wish to switch partners.
- Universal Tokens: Generally granted by programmable payment vaults, these are not inherently associated with any PSP or card network and can thus be securely saved and accessed by a merchant.
Whether merchants opt for network tokenization or one of the other models, replacing PAN data with secure tokens helps address the security of payment card information. This, in turn, delivers confidence for consumers and reduces the risk to merchants of data breaches.
Network tokenization gains the most significant benefit from its direct relationship to the underlying card network: merchants using network tokens correctly may not be liable for fraud-related chargebacks. From a process perspective, there are other meaningful benefits: for instance,, a network token does not expire when the physical card does, as it identifies an account rather than a piece of plastic. This eliminates the need to ask customers to update their cards, or to contract with an account updater service to avoid problems when charging subscription fees, or closing subsequent purchases.
Where Network and PSP Tokens Come Up Short
When the card networks launched network tokens, three main value propositions emerged:
- Increased security to fight fraud.
- Improved authorization rates.
- Enhanced checkout experience.
Because a network token is a unique, merchant-specific representation of a consumer’s account, it not only cannot be used by another entity, it also does not become invalid when fraudulent transactions are submitted at another merchant—nor does it cease to work when a new physical card is issued. That’s the good news.
However, because the network token is issued by a specific card network, the token can only be used within that network. This requires the merchant to set up smart routing and dynamic payment flows for cost efficiency and performance, based on the type of credit card being used and payment token that is required.
A common approach to keeping merchant payment systems out of PCI scope has been for PSPs—particularly full-service PSPs—to provide merchants with PSP tokens instead of the full PAN data. This protects the consumer’s data and eliminates the risk of PAN data being stolen from or leaked by the merchant's payment system.
However, this creates a similar situation to a network token: the PSP token only works with the provider that issued it, locking the merchant into that relationship.
By contrast, while a network token is issued and managed by the card network, and a PSP token only works with the provider that issued it, a universal token is issued and managed by a token orchestration provider or payment gateway.
In principle, many modern PSPs can accept a network token on behalf of the merchant then provide a PCI-compliant token of their own to the merchant to regain some of the benefits. However, particularly in the case of full-service PSPs, the underlying network token is now inextricably linked to the PSP and the merchant: the PSP provides a token of the network token, delivering double security by separating the merchant from the network token!
As a result, should the merchant want to replace their PSP, they will need to collect all new network tokens for every customer they have ever served by asking them to re-enter their PAN - a consumer experience that no merchant wants to impose.
PCI Compliance and Network Tokenization
In fact, it is possible for a merchant to leverage both network tokens and universal tokens by partnering with a token orchestration provider to use a payment vault.
In this scenario
- The merchant uses the vault’s SDKs and APIs to collect a customer's PAN during the first transaction.
- The merchant directs the vault to submit the transaction via their selected gateway and request a network token.
- The vault receives and stores the network token and then issues a unique token to the merchant.
- The merchant now uses the vault token to identify the customer account it wishes to charge, and the vault presents the stored network token to gain transaction approval
By combining the network token and the flexibility of the payment vault, merchants can enjoy the best of network tokenization: all the upsides of network tokens alongside the flexibility to work with multiple PSPs at any given time. This delivers higher transaction success metrics, secure storage for customer data, and a positive customer experience that keeps consumers transacting on your platform.
Embrace network tokenization and optimize your transaction process.
